Уведомление безопасности SUSE-SU-2017:3343-1

Уровень опасности

Средняя (5.0)

Оценка CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Производитель ПО

SUSE

Наименование ПО

libopenssl1_0_0 (any) libopenssl1_0_0-32bit (any) libopenssl1_0_0-debuginfo (any) libopenssl1_0_0-debuginfo-32bit (any) libopenssl1_0_0-hmac (any) libopenssl1_0_0-hmac-32bit (any) libopenssl-devel (any) openssl (any) openssl-debuginfo (any) openssl-debugsource (any) openssl-doc (any)

Описание

Уведомление безопасности об уязвимостях SUSE Linux Enterprise Software Development Kit 12-SP3, SUSE Linux Enterprise Software Development Kit 12-SP2, SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Desktop 12-SP3, SUSE Container as a Service Platform ALL, OpenStack Cloud Magnum Orchestration 7, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

Как исправить

Проблема может быть решена обновлением операционной системы до следующих версий пакетов в зависимости от архитектуры:
SUSE Linux Enterprise Software Development Kit 12-SP3:
aarch64, ppc64le, s390x, x86_64:
libopenssl-devel - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
SUSE Linux Enterprise Software Development Kit 12-SP2:
aarch64, ppc64le, s390x, x86_64:
libopenssl-devel - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
SUSE Linux Enterprise Desktop 12-SP2:
x86_64:
libopenssl-devel - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo-32bit - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0-32bit - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
SUSE Linux Enterprise Desktop 12-SP3:
x86_64:
libopenssl-devel - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo-32bit - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0-32bit - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
SUSE Container as a Service Platform ALL:
x86_64:
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
OpenStack Cloud Magnum Orchestration 7:
x86_64:
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
SUSE Linux Enterprise Server 12-SP2:
aarch64, ppc64le, s390x, x86_64:
libopenssl-devel - 1.0.2j-60.20.2
libopenssl1_0_0-hmac - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
SUSE Linux Enterprise Server 12-SP2:
s390x, x86_64:
libopenssl1_0_0-32bit - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo-32bit - 1.0.2j-60.20.2
libopenssl1_0_0-hmac-32bit - 1.0.2j-60.20.2
SUSE Linux Enterprise Server 12-SP2:
noarch:
openssl-doc - 1.0.2j-60.20.2
SUSE Linux Enterprise Server 12-SP3:
aarch64, ppc64le, s390x, x86_64:
libopenssl-devel - 1.0.2j-60.20.2
libopenssl1_0_0-hmac - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
SUSE Linux Enterprise Server 12-SP3:
s390x, x86_64:
libopenssl1_0_0-32bit - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo-32bit - 1.0.2j-60.20.2
libopenssl1_0_0-hmac-32bit - 1.0.2j-60.20.2
SUSE Linux Enterprise Server 12-SP3:
noarch:
openssl-doc - 1.0.2j-60.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
aarch64:
libopenssl-devel - 1.0.2j-60.20.2
libopenssl1_0_0-hmac - 1.0.2j-60.20.2
openssl - 1.0.2j-60.20.2
libopenssl1_0_0-debuginfo - 1.0.2j-60.20.2
openssl-debugsource - 1.0.2j-60.20.2
openssl-debuginfo - 1.0.2j-60.20.2
libopenssl1_0_0 - 1.0.2j-60.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
noarch:
openssl-doc - 1.0.2j-60.20.2

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00074.html
https://bugzilla.suse.com/1071905
https://bugzilla.suse.com/1071906

Источник: CVE
Наименование: CVE-2017-3732
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732

Источник: CVE
Наименование: CVE-2016-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701

Источник: CVE
Наименование: CVE-2015-3193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193

Источник: CVE
Наименование: CVE-2017-3736
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736

Источник: CVE
Наименование: CVE-2017-3737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737

Источник: CVE
Наименование: CVE-2017-3738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738

Уведомление безопасности VuXML #ddecde18-e33b-11e7-a293-54e1ad3d6335 Обход ограничений политики доступа

Назад к списку уязвимостей

Уведомление безопасности SUSE-SU-2017:3343-1

Карточка уязвимости

Характеристики уязвимости