Bug 963410

Summary: VUL-0: [TRACKERBUG] openssl: 2016-01-28 security releases
Product: [Novell Products] SUSE Security Incidents Reporter: Andreas Stieger <astieger>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED MOVED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: brendon.caligari, hannsj_uhl, meissner, roger.whittaker, vcizek
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 963413, 963415    

Description Andreas Stieger 2016-01-25 12:16:55 UTC

Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2f, 1.0.1r.

These releases will be made available on 28th January between approx.  1pm and
5pm (UTC). They will fix two security defects, one of "high" severity affecting
1.0.2 releases, and one "low" severity affecting all releases.

Please see the following page for further details of severity levels:

Please also note that, as per our previous announcements, support for 1.0.0 and
0.9.8 releases ended on 31st December 2015 and are no longer receiving security
updates.  Support for 1.0.1 will end on 31st December 2016.


The OpenSSL Project Team

Tracker bug, details received via pre-notifications will be put into separate items.

Based on the public pre-notification information:
* the highest rating for any SUSE Linux Enterprise product is "low"
* the highest rating for any openSUSE stable release is "low"
* for openSUSE Tumbleweed the rating is "high"
Comment 1 Swamp Workflow Management 2016-01-25 23:00:16 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-01-28 14:52:06 UTC
bug 963413 (CVE-2016-0701) SLE not affected, affects openSUSE Tumbleweed only.

bug 963415 (CVE-2015-3197) SLE is affected, LOW severity. Will be included in the next available openSSL update.
Comment 3 Bernhard Wiedemann 2016-01-28 16:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (963410) was mentioned in
https://build.opensuse.org/request/show/356565 Factory / openssl
Comment 4 Bernhard Wiedemann 2016-02-08 14:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (963410) was mentioned in
https://build.opensuse.org/request/show/358362 Factory / openssl