SUSE-SU-2021:0954-1 -- SLES libopenssl, openssl-1_1ID: oval:org.secpod.oval:def:89044103 | Date: (C)2021-04-02 (M)2024-01-23 |
Class: PATCH | Family: unix |
This update for openssl-1_1 fixes the following security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]
Platform: |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |
Product: |
libopenssl |
openssl-1_1 |