Security update for OpenSSL
|References:||#779952 #802648 #802746|
An update that solves two vulnerabilities and has one errata is now available.
OpenSSL has been updated to fix several security issues:
* CVE-2012-4929: Avoid the openssl CRIME attack by
disabling SSL compression by default. Setting the
environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no"
enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be
used by physically local attackers to gain access to
transmitted plain text or private keymaterial. This issue
is also known as the "Lucky-13" issue.
* CVE-2013-0166: A OCSP invalid key denial of service
issue was fixed.
Security Issue references:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):