Bug 963410 - VUL-0: [TRACKERBUG] openssl: 2016-01-28 security releases
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
Blocks: CVE-2016-0701 CVE-2015-3197
Reported: 2016-01-25 12:16 UTC by Andreas Stieger
Modified: 2016-02-09 19:28 UTC
Found By: Security Response Team
Description Andreas Stieger 2016-01-25 12:16:55 UTC

Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2f, 1.0.1r.

These releases will be made available on 28th January between approx.  1pm and
5pm (UTC). They will fix two security defects, one of "high" severity affecting
1.0.2 releases, and one "low" severity affecting all releases.

Please see the following page for further details of severity levels:

Please also note that, as per our previous announcements, support for 1.0.0 and
0.9.8 releases ended on 31st December 2015 and are no longer receiving security
updates.  Support for 1.0.1 will end on 31st December 2016.


The OpenSSL Project Team

Tracker bug, details received via pre-notifications will be put into separate items.

Based on the public pre-notification information:
* the highest rating for any SUSE Linux Enterprise product is "low"
* the highest rating for any openSUSE stable release is "low"
* for openSUSE Tumbleweed the rating is "high"
Comment 1 Swamp Workflow Management 2016-01-25 23:00:16 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-01-28 14:52:06 UTC
bug 963413 (CVE-2016-0701) SLE not affected, affects openSUSE Tumbleweed only.

bug 963415 (CVE-2015-3197) SLE is affected, LOW severity. Will be included in the next available OpenSSL update.
Comment 3 Bernhard Wiedemann 2016-01-28 16:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (963410) was mentioned in
https://build.opensuse.org/request/show/356565 Factory / openssl
Comment 4 Bernhard Wiedemann 2016-02-08 14:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (963410) was mentioned in
https://build.opensuse.org/request/show/358362 Factory / openssl