Izdana je nadogradnja za programski paket compat-openssl097g koja ispravlja nekoliko sigurnosnih propusta. Napadaču omogućuju zaobilaženje postavljenih ograničenja, izvođenje DoS napada te umetanje podataka u HTTPS sjednice.

   SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0847-1
Rating:             important
References:         #707069 
Cross-References:   CVE-2008-5077 CVE-2009-0590 CVE-2009-0789
                    CVE-2009-3555 CVE-2010-4180
Affected Products:
                    SUSE Linux Enterprise Teradata 10 SP3
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Server 10 SP3
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:


   This update adds openssl patches since 2007 for:

   * CVE-2009-0590
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
   >
   * CVE-2008-5077
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
   >
   * CVE-2009-0789
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
   >
   * CVE-2009-3555
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
   >
   * CVE-2010-4180
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
   >

Indications:

   Please update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-compat-openssl097g-4913

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Teradata 10 SP3 (x86_64):

      compat-openssl097g-0.9.7g-13.21.1
      compat-openssl097g-32bit-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      compat-openssl097g-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      compat-openssl097g-32bit-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      compat-openssl097g-x86-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      compat-openssl097g-64bit-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

      compat-openssl097g-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP3 (s390x x86_64):

      compat-openssl097g-32bit-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP3 (ia64):

      compat-openssl097g-x86-0.9.7g-13.21.1

   - SUSE Linux Enterprise Server 10 SP3 (ppc):

      compat-openssl097g-64bit-0.9.7g-13.21.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      compat-openssl097g-0.9.7g-146.20.1

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

      compat-openssl097g-32bit-0.9.7g-146.20.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      compat-openssl097g-0.9.7g-13.21.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      compat-openssl097g-32bit-0.9.7g-13.21.1


References:

   http://support.novell.com/security/cve/CVE-2008-5077.html
   http://support.novell.com/security/cve/CVE-2009-0590.html
   http://support.novell.com/security/cve/CVE-2009-0789.html
   http://support.novell.com/security/cve/CVE-2009-3555.html
   http://support.novell.com/security/cve/CVE-2010-4180.html
   https://bugzilla.novell.com/707069
  
http://download.novell.com/patch/finder/?keywords=6deef59a2e94ee7d0f87aa2f497078c7
  
http://download.novell.com/patch/finder/?keywords=78caf50c2261c865e06e92ff68d948da
  
http://download.novell.com/patch/finder/?keywords=79f88b4366b267744a8056a0b1669fb3

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.