commit patchinfo.5650 for openSUSE:13.2:Update

h_root Mon, 26 Sep 2016 22:25:31 -0700

Hello community,

here is the log from the commit of package patchinfo.5650 for 
openSUSE:13.2:Update checked in at 2016-09-27 07:25:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5650 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.patchinfo.5650.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "patchinfo.5650"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="5650">
  <issue id="993819" tracker="bnc">VUL-1: CVE-2016-2182: openssl: Check for 
errors in BN_bn2dec()</issue>
  <issue id="999666" tracker="bnc">VUL-0: CVE-2016-6304: openssl: OCSP Status 
Request extension unbounded memory growth</issue>
  <issue id="999665" tracker="bnc">VUL-0: [TRACKERBUG]: openssl: Security 
Advisory [22 Sep 2016]</issue>
  <issue id="995075" tracker="bnc">L3: sshd: fatal: cannot read from 
/dev/urandom, Interrupted system call</issue>
  <issue id="994749" tracker="bnc">VUL-0: CVE-2016-2181: openssl: Fix DTLS 
replay protection</issue>
  <issue id="999668" tracker="bnc">VUL-0: CVE-2016-6306: openssl: Certificate 
message OOB reads</issue>
  <issue id="998190" tracker="bnc">null pointer in openssl</issue>
  <issue id="983249" tracker="bnc">VUL-1: CVE-2016-2178: openssl: Fix DSA, 
preserve BN_FLG_CONSTTIME</issue>
  <issue id="988591" tracker="bnc">openSSL failure with large file 
transfers</issue>
  <issue id="982575" tracker="bnc">VUL-1: CVE-2016-2177: openssl: Avoid some 
undefined pointer arithmetic</issue>
  <issue id="995359" tracker="bnc">VUL-0: CVE-2016-2183: openssl: Birthday 
attacks on 64-bit block ciphers aka triple-des (SWEET32)</issue>
  <issue id="990419" tracker="bnc">VUL-1: CVE-2016-2180: openssl: OOB read in 
TS_OBJ_print_bio()</issue>
  <issue id="994844" tracker="bnc">VUL-0: CVE-2016-2179: 
openssl1,openssl,compat-openssl098: remote denial of service via DTLS Finished 
Message</issue>
  <issue id="979475" tracker="bnc">openssl cms-test.pl failing due to expired 
certificates</issue>
  <issue id="995377" tracker="bnc">VUL-0: CVE-2016-6303: openssl: Avoid 
overflow in MDC2_Update</issue>
  <issue id="995324" tracker="bnc">VUL-1: CVE-2016-6302: openssl: Sanity check 
ticket length.</issue>
  <issue id="2016-6302" tracker="cve" />
  <issue id="2016-6303" tracker="cve" />
  <issue id="2016-6304" tracker="cve" />
  <issue id="2016-6306" tracker="cve" />
  <issue id="2016-2179" tracker="cve" />
  <issue id="2016-2178" tracker="cve" />
  <issue id="2016-2177" tracker="cve" />
  <issue id="2016-2182" tracker="cve" />
  <issue id="2016-2183" tracker="cve" />
  <issue id="2016-2180" tracker="cve" />
  <issue id="2016-2181" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update for openssl fixes the following issues:


OpenSSL Security Advisory [22 Sep 2016] (boo#999665)

Severity: High
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304) 
(boo#999666)

Severity: Low
* Pointer arithmetic undefined behaviour (CVE-2016-2177) (boo#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (boo#983249)
* DTLS buffered message DoS (CVE-2016-2179) (boo#994844)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (boo#990419)
* DTLS replay protection DoS (CVE-2016-2181) (boo#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (boo#993819)
* Birthday attack against 64-bit block ciphers (SWEET32)
    (CVE-2016-2183) (boo#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (boo#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (boo#995377)
* Certificate message OOB reads (CVE-2016-6306) (boo#999668)

More information can be found on 
https://www.openssl.org/news/secadv/20160922.txt

* update expired S/MIME certs (boo#979475)
* allow &gt;= 64GB AESGCM transfers (boo#988591)
* fix crash in print_notice (boo#998190)
* resume reading from /dev/urandom when interrupted by a signal
  (boo#995075)
</description>
  <summary>Security update for openssl</summary>
</patchinfo>

commit patchinfo.5650 for openSUSE:13.2:Update

Reply via email to