Security update for compat-openssl098 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2349-1 Final 1 1 2015-12-23T11:55:01Z current 2015-12-23T11:55:01Z 2015-12-23T11:55:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for compat-openssl098 This update for compat-openssl098 fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) Non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html E-Mail link for openSUSE-SU-2015:2349-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 compat-openssl098-0.9.8j-6.1 libopenssl0_9_8-0.9.8j-6.1 libopenssl0_9_8-32bit-0.9.8j-6.1 compat-openssl098-0.9.8j-6.1 as a component of openSUSE Leap 42.1 libopenssl0_9_8-0.9.8j-6.1 as a component of openSUSE Leap 42.1 libopenssl0_9_8-32bit-0.9.8j-6.1 as a component of openSUSE Leap 42.1 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. CVE-2015-3195 openSUSE Leap 42.1:compat-openssl098-0.9.8j-6.1 openSUSE Leap 42.1:libopenssl0_9_8-0.9.8j-6.1 openSUSE Leap 42.1:libopenssl0_9_8-32bit-0.9.8j-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html https://www.suse.com/security/cve/CVE-2015-3195.html CVE-2015-3195 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/957812 SUSE Bug 957812 https://bugzilla.suse.com/957815 SUSE Bug 957815 https://bugzilla.suse.com/958768 SUSE Bug 958768 https://bugzilla.suse.com/963977 SUSE Bug 963977 https://bugzilla.suse.com/986238 SUSE Bug 986238