[Tech ARP] Desktop Graphics Card Comparison Guide Rev. 31.7

[news 28]

Dear openSUSE users,

 

The OpenSSL Project recently pre-announced [1], and how has released [2]

an advisory for a security issue with a severity rated "high". This was

picked up in various news articles [3] [4]. A detail which was not known

to the general public at the time when these were written was that the

issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed

releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue.

 

The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected.

The openSUSE Tumbleweed distribution never received a vulnerable version

and was never affected. The next submission into Factory will skip any

vulnerable versions.

 

We have updated the Bugzilla entry [5] and CVE page [6] to that effect.

 

[1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html

[2] https://www.openssl.org/news/secadv_20150709.txt

[3]

http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-2739804.html

[4]

http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-vulnerability

[5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793

[6] https://www.suse.com/security/cve/CVE-2015-1793.html

 

On behalf of the SUSE Security team,

Andreas Stieger

 

--

Andreas Stieger <astieger ( -at -) suse.com>

Project Manager Security

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)