OpenSSL Security Advisory (05 June 2014) and Open Enterprise Server 11 SP1.

This document (7015264) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
Novell Open Enterprise Server 11 Linux Support Pack 1 (OES 11 SP1)


SUSE Linux Enterprise Server 11 SP2 General support ended on 31 Jan 2014.
Novell Open Enterprise Server 11 SP1 General support ends on 29 Jan 2015.

On 05 June 2014, an OpenSSL Security Advisory was published, detailing a set of OpenSSL-related vulnerabilities for which customers are advised to upgrade.
Due to the current support status of Novell Open Enterprise Server 11 SP1, the Novell and SUSE teams have collaborated closely to make these fixes available to Novell OES11 SP1 customers.


The oes11sp1-openssl-9354 patch, containing the mentioned fixes for OpenSSL on SLES 11 SP2, was released through the public OES11 SP1 patch repositories on June 23, 2014.

The following security issues were fixed with this patch (bnc#880891):

- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- Anonymous ECDH denial of service (CVE-2014-3470)
- Nonces could have been recovered using the FLUSH+RELOAD cache side-channel attack (CVE-2014-0076)

Other issues which are also fixed in this release:

- Ensures that the stack is marked non-executable on x86 32bit. On other processor platforms it was already marked as non-executable before (bnc#870192).
- IPv6 support was added to the openssl s_client and s_server command line tools (bnc#859228).
- The openssl command line tool now checks certificates by default against /etc/ssl/certs (this can be changed via the -CApath option) (bnc#860332).
- The Elliptic Curve Diffie-Hellman key exchange selector was enabled and can be selected by kECDHE, kECDH, ECDH tags in the SSL cipher string (bnc#859924).
- If an optional openssl1 command line tool is installed in parallel, c_rehash uses it to generate certificate hashes in both OpenSSL 0 and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j and OpenSSL 1.x client libraries with a shared certificate store (bnc#862181).
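
To confirm on a host that the installed OpenSSL package carries the four security fixes listed above, its RPM changelog can be scanned for the CVE ids. The script below is an added example, not part of the original document or of the patch; it assumes the vendor changelog names each fixed CVE, and the function names and sample changelog text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list which of the four CVEs named
# above are absent from an RPM changelog. Assumption: the vendor changelog
# mentions each fixed CVE id.
ADVISORY_CVES="CVE-2014-0224 CVE-2014-0221 CVE-2014-3470 CVE-2014-0076"

# Reads changelog text on stdin, prints each missing CVE id on its own line.
# Returns 0 when all four ids are present, 1 otherwise.
missing_cves() {
    changelog=$(cat)
    missing=0
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: do not match inside a longer id
        if ! printf '%s\n' "$changelog" | grep -qwF "$cve"; then
            printf '%s\n' "$cve"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample changelogs (hypothetical text, for the demo only).
sample_patched() {
    cat <<'EOF'
- Fix SSL/TLS MITM vulnerability (CVE-2014-0224)
- Fix DTLS recursion flaw (CVE-2014-0221)
- Fix anonymous ECDH denial of service (CVE-2014-3470)
- Fix FLUSH+RELOAD cache side-channel nonce recovery (CVE-2014-0076)
EOF
}
sample_unpatched() {
    cat <<'EOF'
- Fix FLUSH+RELOAD cache side-channel nonce recovery (CVE-2014-0076)
- Unrelated entry with a longer id CVE-2014-02240
EOF
}

# Demo on the samples. On a real host, pipe the package changelog instead:
#   rpm -q --changelog <openssl-package> | missing_cves
for sample in sample_patched sample_unpatched; do
    if out=$("$sample" | missing_cves); then
        echo "$sample: all advisory CVEs listed"
    else
        echo "$sample: not listed:" $out
    fi
done
```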

Link to the OpenSSL advisory for the latest details:


Multiple OpenSSL related security vulnerabilities.


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7015264
  • Creation Date: 23-JUN-14
  • Modified Date: 01-JUL-14
    • Novell Open Enterprise Server
    • SUSE Linux Enterprise Server