OpenSSL Security Advisory (05 June 2014) and Open Enterprise Server 2 SP3.
This document (7015300) is provided subject to the disclaimer at the end of this document.
Novell Open Enterprise Server 2 Linux Support Pack 3 (OES 2 SP3)
General support for Novell Open Enterprise Server 2 SP3 ended on 31 July 2013.
On 05 June 2014, an OpenSSL Security Advisory was published, detailing a set of OpenSSL-related vulnerabilities for which customers are advised to upgrade.
Due to the current extended support status of Novell Open Enterprise Server 2 SP3, the Novell and SUSE teams have collaborated closely to make these fixes available to Novell OES 2 SP3 customers.
The following security issues were fixed with this patch (bnc#880891):
- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- Anonymous ECDH denial of service (CVE-2014-3470)
- Nonces could have been recovered using the FLUSH+RELOAD cache side-channel attack (CVE-2014-0076)
Other issues that are also fixed in this release:
- The stack is now marked non-executable on 32-bit x86. On other processor platforms it was already marked non-executable (bnc#870192).
- IPv6 support was added to the openssl s_client and s_server command line tools (bnc#859228).
- The openssl command line tool now checks certificates by default against /etc/ssl/certs (this can be changed via the -CApath option) (bnc#860332).
- The Elliptic Curve Diffie-Hellman key exchange selector was enabled and can be selected by kECDHE, kECDH, ECDH tags in the SSL cipher string (bnc#859924).
- If an optional openssl1 command line tool is installed in parallel, c_rehash uses it to generate certificate hashes in both OpenSSL 0 and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j and OpenSSL 1.x client libraries with a shared certificate store (bnc#862181).
Link to the OpenSSL advisory for the latest details: http://www.openssl.org/news/secadv_20140605.txt
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7015300
- Creation Date: 01-JUL-14
- Modified Date: 01-JUL-14
- Novell Open Enterprise Server
- SUSE Linux Enterprise Server