[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2021:0954-1 -- SLES libopenssl, openssl-1_1

ID: oval:org.secpod.oval:def:89044103Date: (C)2021-04-02   (M)2024-01-23
Class: PATCHFamily: unix




This update for openssl-1_1 fixes the following security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

Platform:
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4
Product:
libopenssl
openssl-1_1
Reference:
SUSE-SU-2021:0954-1
CVE-2021-3449
CVE    1
CVE-2021-3449

© SecPod Technologies