openssl/README.SUSE
Stephan Kulow 0985bc43b2 Accepting request 245642 from Base:System
- openssl.keyring: the 1.0.1i release was done by 
  Matt Caswell <matt@openssl.org> UK 0E604491

- rename README.SuSE (old spelling) to README.SUSE (bnc#889013)

- update to 1.0.1i
  * Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
    SRP code can be overrun an internal buffer. Add sanity check that
    g, A, B < N to SRP code.
    (CVE-2014-3512)
  * A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
    TLS 1.0 instead of higher protocol versions when the ClientHello message
    is badly fragmented. This allows a man-in-the-middle attacker to force a
    downgrade to TLS 1.0 even if both the server and the client support a
    higher protocol version, by modifying the client's TLS records.
    (CVE-2014-3511)
  * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
    to a denial of service attack. A malicious server can crash the client
    with a null pointer dereference (read) by specifying an anonymous (EC)DH
    ciphersuite and sending carefully crafted handshake messages.
    (CVE-2014-3510)
  * By sending carefully crafted DTLS packets an attacker could cause openssl
    to leak memory. This can be exploited through a Denial of Service attack.
    (CVE-2014-3507)
  * An attacker can force openssl to consume large amounts of memory whilst
    processing DTLS handshake messages. This can be exploited through a
    Denial of Service attack.
    (CVE-2014-3506)
  * An attacker can force an error condition which causes openssl to crash
    whilst processing DTLS packets due to memory being freed twice. This

OBS-URL: https://build.opensuse.org/request/show/245642
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=121
2014-08-25 09:03:07 +00:00

10 lines
370 B
Plaintext

Please note that the man pages for the openssl libraries and tools
have been placed in a package on its own right: openssl-doc Please
install the openssl-doc package if you need the man pages, HTML
documentation or sample C programs.
The C header files and static libraries have also been extracted, they
can now be found in the openssl-devel package.
Your SuSE Team.