Security update for OpenSSL

SUSE Security Update: Security update for OpenSSL
Announcement ID: SUSE-SU-2012:0479-1
Rating: moderate
References: #748738 #749210 #749213 #751946 #751977
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP2
  • SUSE Linux Enterprise Software Development Kit 11 SP1
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise Server 11 SP1 for VMware
  • SUSE Linux Enterprise Server 11 SP1
  • SUSE Linux Enterprise Desktop 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP1

An update that solves three vulnerabilities and has two fixes is now available. It includes one version update.

    Description:


    The following security issues have been fixed:

    * Specially crafted MIME headers could cause OpenSSL's
      ASN.1 parser to dereference a NULL pointer, leading to a
      denial of service (CVE-2006-7250), or to fail verification
      (CVE-2012-1165).

    * The implementation of Cryptographic Message Syntax
      (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million
      Message Attack (MMA) adaptive chosen ciphertext attack
      (CVE-2012-0884).

    Additionally, the following issues have been fixed:

    * bnc#749213 - Free headers after use in error message
    * bnc#749210 - Symmetric crypto errors in PKCS7_decrypt
    * bnc#749735 - Memory leak when creating public keys

    Security Issue references:

    * CVE-2006-7250
    * CVE-2012-1165
    * CVE-2012-0884

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-libopenssl-devel-6054
    • SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-libopenssl-devel-6054
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-libopenssl-devel-6054
    • SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-libopenssl-devel-6054
    • SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-libopenssl-devel-6054
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-libopenssl-devel-6054
    • SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-libopenssl-devel-6054

    To bring your system up-to-date, use "zypper patch".
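After patching, the installed packages can be compared against the fixed version-release given in this advisory's package list (0.9.8j-0.32.1). The script below is an added example, not part of the SUSE advisory; the function names and the older sample versions are constructed, and GNU `sort -V` is used as an approximation of rpm's own version comparison.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="0.9.8j-0.32.1"

# is_fixed VERSION-RELEASE
# Succeeds when the given version-release is >= FIXED.
# Assumption: GNU sort -V ordering matches rpm ordering for these strings.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# audit_packages
# Reads "name version-release" lines on stdin, prints one status line per
# package, and returns 1 if any package is older than FIXED.
audit_packages() {
    rc=0
    while read -r name verrel; do
        [ -n "$name" ] || continue
        if is_fixed "$verrel"; then
            printf '%-9s %s %s\n' "OK" "$name" "$verrel"
        else
            printf '%-9s %s %s (need >= %s)\n' "UNPATCHED" "$name" "$verrel" "$FIXED"
            rc=1
        fi
    done
    return $rc
}

# On a real system, feed it the installed versions:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
#       libopenssl0_9_8 openssl openssl-doc libopenssl-devel | audit_packages

# Constructed sample input: package names from the advisory, with one
# made-up older release to show the failing case.
SAMPLE='libopenssl0_9_8 0.9.8j-0.26.1
openssl 0.9.8j-0.32.1
openssl-doc 0.9.8j-0.32.1'

printf '%s\n' "$SAMPLE" | audit_packages || true
```

The non-zero return status of `audit_packages` makes it usable as a gate in a post-patch compliance job.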

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:
      • libopenssl-devel-0.9.8j-0.32.1
    • SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:
      • libopenssl-devel-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-0.9.8j-0.32.1
      • openssl-0.9.8j-0.32.1
      • openssl-doc-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-32bit-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-x86-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-0.9.8j-0.32.1
      • openssl-0.9.8j-0.32.1
      • openssl-doc-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-32bit-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-0.9.8j-0.32.1
      • openssl-0.9.8j-0.32.1
      • openssl-doc-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-32bit-0.9.8j-0.32.1
    • SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-x86-0.9.8j-0.32.1
    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-0.9.8j-0.32.1
      • openssl-0.9.8j-0.32.1
    • SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-32bit-0.9.8j-0.32.1
    • SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-0.9.8j-0.32.1
      • openssl-0.9.8j-0.32.1
    • SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 0.9.8j]:
      • libopenssl0_9_8-32bit-0.9.8j-0.32.1

    References:

    • http://support.novell.com/security/cve/CVE-2006-7250.html
    • http://support.novell.com/security/cve/CVE-2012-0884.html
    • http://support.novell.com/security/cve/CVE-2012-1165.html
    • https://bugzilla.novell.com/748738
    • https://bugzilla.novell.com/749210
    • https://bugzilla.novell.com/749213
    • https://bugzilla.novell.com/751946
    • https://bugzilla.novell.com/751977
    • http://download.suse.com/patch/finder/?keywords=5c8a36f85c32f7d2796329c6695e45e9