Hello community,

here is the log from the commit of package patchinfo.5650 for openSUSE:13.2:Update checked in at 2016-09-27 07:25:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5650 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.patchinfo.5650.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.5650"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="5650">
  <issue id="993819" tracker="bnc">VUL-1: CVE-2016-2182: openssl: Check for errors in BN_bn2dec()</issue>
  <issue id="999666" tracker="bnc">VUL-0: CVE-2016-6304: openssl: OCSP Status Request extension unbounded memory growth</issue>
  <issue id="999665" tracker="bnc">VUL-0: [TRACKERBUG]: openssl: Security Advisory [22 Sep 2016]</issue>
  <issue id="995075" tracker="bnc">L3: sshd: fatal: cannot read from /dev/urandom, Interrupted system call</issue>
  <issue id="994749" tracker="bnc">VUL-0: CVE-2016-2181: openssl: Fix DTLS replay protection</issue>
  <issue id="999668" tracker="bnc">VUL-0: CVE-2016-6306: openssl: Certificate message OOB reads</issue>
  <issue id="998190" tracker="bnc">null pointer in openssl</issue>
  <issue id="983249" tracker="bnc">VUL-1: CVE-2016-2178: openssl: Fix DSA, preserve BN_FLG_CONSTTIME</issue>
  <issue id="988591" tracker="bnc">openSSL failure with large file transfers</issue>
  <issue id="982575" tracker="bnc">VUL-1: CVE-2016-2177: openssl: Avoid some undefined pointer arithmetic</issue>
  <issue id="995359" tracker="bnc">VUL-0: CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32)</issue>
  <issue id="990419" tracker="bnc">VUL-1: CVE-2016-2180: openssl: OOB read in TS_OBJ_print_bio()</issue>
  <issue id="994844" tracker="bnc">VUL-0: CVE-2016-2179: openssl1,openssl,compat-openssl098: remote denial of service via DTLS Finished Message</issue>
  <issue id="979475" tracker="bnc">openssl cms-test.pl failing due to expired certificates</issue>
  <issue id="995377" tracker="bnc">VUL-0: CVE-2016-6303: openssl: Avoid overflow in MDC2_Update</issue>
  <issue id="995324" tracker="bnc">VUL-1: CVE-2016-6302: openssl: Sanity check ticket length.</issue>
  <issue id="2016-6302" tracker="cve" />
  <issue id="2016-6303" tracker="cve" />
  <issue id="2016-6304" tracker="cve" />
  <issue id="2016-6306" tracker="cve" />
  <issue id="2016-2179" tracker="cve" />
  <issue id="2016-2178" tracker="cve" />
  <issue id="2016-2177" tracker="cve" />
  <issue id="2016-2182" tracker="cve" />
  <issue id="2016-2183" tracker="cve" />
  <issue id="2016-2180" tracker="cve" />
  <issue id="2016-2181" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update for openssl fixes the following issues:

OpenSSL Security Advisory [22 Sep 2016] (boo#999665)

Severity: High
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (boo#999666)

Severity: Low
* Pointer arithmetic undefined behaviour (CVE-2016-2177) (boo#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (boo#983249)
* DTLS buffered message DoS (CVE-2016-2179) (boo#994844)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (boo#990419)
* DTLS replay protection DoS (CVE-2016-2181) (boo#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (boo#993819)
* Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (boo#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (boo#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (boo#995377)
* Certificate message OOB reads (CVE-2016-6306) (boo#999668)

More information can be found on https://www.openssl.org/news/secadv/20160922.txt

* update expired S/MIME certs (boo#979475)
* allow >= 64GB AESGCM transfers (boo#988591)
* fix crash in print_notice (boo#998190)
* resume reading from /dev/urandom when interrupted by a signal (boo#995075)
</description>
  <summary>Security update for openssl</summary>
</patchinfo>