Recommended update for openssl
Announcement ID: | SUSE-RU-2017:2059-1 |
---|---|
Rating: | moderate |
References: | |
Affected Products: |
|
An update that has 12 fixes can now be installed.
Description:
This update for openssl fixes the following issues including fixes for our ongoing FIPS 140-2 evaluation:
- Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32 problem (bsc#1027908)
- Use getrandom syscall instead of reading from /dev/urandom to get at least 128 bits of entropy to comply with FIPS 140.2 IG 7.14 (bsc#1027079 bsc#1044175)
- Fix x86 extended feature detection (bsc#1029523)
- Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap" environmental variable (bsc#1028723)
- s_client sent empty client certificate (bsc#1028281) Add back certificate initialization set_cert_key_stuff() which was removed in a previous update.
- Fix a bug in XTS key handling (bsc#1019637)
- Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Magnum Orchestration 7
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1268=1
-
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1268=1
-
SUSE Linux Enterprise Desktop 12 SP3
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1268=1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1268=1
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1268=1
-
SUSE Linux Enterprise Software Development Kit 12 SP3
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1268=1
-
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1268=1
-
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1268=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1268=1
-
SUSE Linux Enterprise Server 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1268=1
-
SUSE Linux Enterprise High Performance Computing 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1268=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1268=1
Package List:
-
Magnum Orchestration 7 (x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
-
SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
-
SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
-
SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server 12 SP2 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server 12 SP2 (s390x x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server 12 SP3 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server 12 SP3 (s390x x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
- libopenssl1_0_0-1.0.2j-60.11.2
- openssl-1.0.2j-60.11.2
- openssl-debugsource-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-1.0.2j-60.11.2
- libopenssl-devel-1.0.2j-60.11.2
- openssl-debuginfo-1.0.2j-60.11.2
- libopenssl1_0_0-hmac-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch)
- openssl-doc-1.0.2j-60.11.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.11.2
- libopenssl1_0_0-32bit-1.0.2j-60.11.2
References:
- https://bugzilla.suse.com/show_bug.cgi?id=1019637
- https://bugzilla.suse.com/show_bug.cgi?id=1027079
- https://bugzilla.suse.com/show_bug.cgi?id=1027688
- https://bugzilla.suse.com/show_bug.cgi?id=1027908
- https://bugzilla.suse.com/show_bug.cgi?id=1028281
- https://bugzilla.suse.com/show_bug.cgi?id=1028723
- https://bugzilla.suse.com/show_bug.cgi?id=1029523
- https://bugzilla.suse.com/show_bug.cgi?id=1042392
- https://bugzilla.suse.com/show_bug.cgi?id=1044095
- https://bugzilla.suse.com/show_bug.cgi?id=1044107
- https://bugzilla.suse.com/show_bug.cgi?id=1044175
- https://bugzilla.suse.com/show_bug.cgi?id=902364