Recommended update for openssl
SUSE Recommended Update: Recommended update for openssl
| Announcement ID: | SUSE-RU-2017:2059-1 |
| Rating: | moderate |
| References: | #1019637 #1027079 #1027688 #1027908 #1028281 #1028723 #1029523 #1042392 #1044095 #1044107 #1044175 #902364 |
| Affected Products: |
An update that has 12 recommended fixes can now be installed.
Description:
This update for openssl fixes the following issues including fixes for our
ongoing FIPS 140-2 evaluation:
- Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32
problem (bsc#1027908)
- Use getrandom syscall instead of reading from /dev/urandom to get at
least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079
bsc#1044175)
- Fix x86 extended feature detection (bsc#1029523)
- Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"
environmental variable (bsc#1028723)
- s_client sent empty client certificate (bsc#1028281) Add back
certificate initialization set_cert_key_stuff() which was removed in a
previous update.
- Fix a bug in XTS key handling (bsc#1019637)
- Don't run FIPS power-up self-tests when the checksum files aren't
installed (bsc#1042392)
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1268=1 - SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1268=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1268=1 - SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1268=1 - SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1268=1 - SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1268=1 - SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1268=1 - OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1268=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
- openssl-doc-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP3 (noarch):
- openssl-doc-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- SUSE Linux Enterprise Server 12-SP2 (noarch):
- openssl-doc-1.0.2j-60.11.2
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
- libopenssl1_0_0-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
References:
- https://bugzilla.suse.com/1019637
- https://bugzilla.suse.com/1027079
- https://bugzilla.suse.com/1027688
- https://bugzilla.suse.com/1027908
- https://bugzilla.suse.com/1028281
- https://bugzilla.suse.com/1028723
- https://bugzilla.suse.com/1029523
- https://bugzilla.suse.com/1042392
- https://bugzilla.suse.com/1044095
- https://bugzilla.suse.com/1044107
- https://bugzilla.suse.com/1044175
- https://bugzilla.suse.com/902364
SAP-Lösungen ausführen
SUSE for Public Cloud
Security
