[security-announce] SUSE-SU-2012:1149-2: important: Security update for compat-openssl097g

[news 28]

SUSE Security Update: Security update for compat-openssl097g

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2012:1149-2

Rating: important

References: #758060

Cross-References: CVE-2012-2110

Affected Products:

SUSE Linux Enterprise for SAP Applications 11 SP1

______________________________________________________________________________

 

An update that fixes one vulnerability is now available.

 

Description:

 

 

This compat-openssl097g rollup update contains various

security fixes:

 

* CVE-2012-2131,CVE-2012-2110: incorrect integer

conversions in OpenSSL can result in memory corruption

during buffer management operations.

 

Security Issue reference:

 

* CVE-2012-2110

 

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise for SAP Applications 11 SP1:

 

zypper in -t patch slesapp1-compat-openssl097g-6759

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64):

 

compat-openssl097g-0.9.7g-146.22.1

compat-openssl097g-32bit-0.9.7g-146.22.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2012-2110.html

https://bugzilla.novell.com/758060

http://download.novell.com/patch/finder/?keywords=63d3bb985d9697c7284e64028ed49208

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org