OpenSSL Security Advisory (05 June 2014) and Open Enterprise Server 11 SP1.
This document (7015264) is provided subject to the disclaimer at the end of this document.
Novell Open Enterprise Server 11 Linux Support Pack 1 (OES 11 SP1)
Novell Open Enterprise Server 11 SP1 General support ends on 29 Jan 2015.
On 05 June 2014, an OpenSSL Security Advisory was published, detailing a set of OpenSSL-related vulnerabilities for which customers are advised to upgrade.
Due to the current support status for Novell Open Enterprise Server 11 SP1, the Novell and SUSE teams have closely collaborated to make these fixes available for Novell OES11 SP1 customers.
The following security issues were fixed with this patch (bnc#880891):
- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- Anonymous ECDH denial of service (CVE-2014-3470)
- Nonces could have been recovered using the FLUSH+RELOAD cache side-channel attack (CVE-2014-0076)
Other issues which are also fixed in this release:
- The stack is now marked non-executable on 32-bit x86. On other processor platforms it was already marked as non-executable (bnc#870192).
- IPv6 support was added to the openssl s_client and s_server command line tools (bnc#859228).
- The openssl command line tool now checks certificates by default against /etc/ssl/certs (this can be changed via the -CApath option) (bnc#860332).
- The Elliptic Curve Diffie-Hellman key exchange selector was enabled and can be selected with the kECDHE, kECDH and ECDH tags in the SSL cipher string (bnc#859924).
- If an optional openssl1 command line tool is installed in parallel, c_rehash uses it to generate certificate hashes in both OpenSSL 0 and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j and OpenSSL 1.x client libraries with a shared certificate store (bnc#862181).
Link to the OpenSSL advisory for the latest details: http://www.openssl.org/news/secadv_20140605.txt
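To confirm that the patch is present on a server, the package changelog can be searched for the four CVE identifiers listed above. The following is an added example, not part of the original advisory or of Novell's tooling; it assumes the vendor changelog cites the CVE ids, and the sample changelog text is constructed.

```shell
#!/bin/sh
# Added example: report which fixes from this advisory are missing from an
# RPM changelog read on stdin.
# Assumption: the vendor changelog names each CVE id it fixes.

ADVISORY_CVES="CVE-2014-0224 CVE-2014-0221 CVE-2014-3470 CVE-2014-0076"

# Print the advisory CVE ids that do NOT appear in the changelog on stdin.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $ADVISORY_CVES; do
        if ! printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            missing="${missing:+$missing }$cve"
        fi
    done
    printf '%s' "$missing"
}

# Exit status 0 when every advisory CVE is referenced, 1 otherwise.
check_patched() {
    m=$(missing_cves)
    if [ -n "$m" ]; then
        echo "NOT PATCHED, missing: $m"
        return 1
    fi
    echo "all advisory CVEs referenced in changelog"
}

# Constructed sample changelog (not real package output).
sample_changelog() {
    cat <<'EOF'
* Thu Jun 05 2014 constructed@example.com
- Security update (bnc#880891)
  * CVE-2014-0224: SSL/TLS MITM vulnerability
  * CVE-2014-0221: DTLS recursion flaw
  * CVE-2014-3470: Anonymous ECDH denial of service
  * CVE-2014-0076: FLUSH+RELOAD cache side-channel
EOF
}

# Demonstration on the constructed sample.
sample_changelog | check_patched
```

On a live system, pipe `rpm -q --changelog openssl` into `check_patched` instead of the sample; the package name `openssl` is an assumption and should be adjusted to the installed OpenSSL package.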
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7015264
- Creation Date: 23-JUN-14
- Modified Date: 01-JUL-14
- Novell Open Enterprise Server
- SUSE Linux Enterprise Server