Bugzilla – Bug 880891
VUL-0: OpenSSL: OpenSSL security release June 5th
Last modified: 2022-02-16 21:15:06 UTC
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-06-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57639
Affected packages: SLE-11-SP3: openssl SLE-11-SP2: openssl SLE-11-SP1: openssl SLE-10-SP3-TERADATA: openssl SLE-9-SP3-TERADATA: openssl SLE-10-SP4: openssl
Submit requests for SLE11/SLE10/SLE9 already.
This just went public, see www.openssl.org. Please submit for openSUSE 12.3, 13.1, Factory and also SLES 12. (I would say minor version upgrades to 1.0.1h)
http://www.openssl.org/news/secadv_20140605.txt

OpenSSL Security Advisory [05 Jun 2014]
========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================

A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues
============

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

References
==========

URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional details over time.
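Added example (not part of the advisory or of any SUSE tooling): a triage check that maps an upstream `openssl version` string to the advisory items still unfixed in that build, using the advisory's per-branch upgrade targets and OpenSSL's letter-suffix ordering (z < za < zb). The function names and the sample version strings in the test are constructed for illustration; the 0.9.8o cut-off for CVE-2014-0195 is taken from the SUSE note posted later in this bug.

```python
import re

# Fixed upstream releases per branch, as stated in the advisory.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

ALL = ("0.9.8", "1.0.0", "1.0.1")
# CVE -> (branches the advisory gives an upgrade target for, exposure condition)
ADVISORY = {
    "CVE-2014-0224": (ALL, "SSL/TLS client and/or server"),
    "CVE-2014-0221": (ALL, "DTLS client"),
    "CVE-2014-0195": (ALL, "DTLS client or server"),
    "CVE-2014-0198": (ALL[1:], "SSL_MODE_RELEASE_BUFFERS enabled"),
    "CVE-2010-5298": (ALL[1:], "multithreaded, SSL_MODE_RELEASE_BUFFERS enabled"),
    "CVE-2014-3470": (ALL, "TLS client with anonymous ECDH ciphersuites"),
}


def letter_key(letters):
    """Order OpenSSL patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def parse_version(text):
    """Extract (branch, patch letters) from e.g. 'OpenSSL 0.9.8j-fips 07 Jan 2009'."""
    m = re.search(r"(\d+\.\d+\.\d+)([a-z]*)", text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % text)
    return m.group(1), m.group(2)


def unfixed_items(text):
    """Return sorted [(cve, condition)] still open in an UPSTREAM build.

    Returns None for branches the advisory names no fixed release for
    (for example 1.0.2-beta1). Distribution packages carry backported
    fixes under an old upstream version (this page lists the fixed SUSE
    package as openssl-0.9.8j-0.58.1), so for those compare the package
    release against the vendor advisory instead of using this check.
    """
    branch, letters = parse_version(text)
    if branch not in FIXED:
        return None
    if letter_key(letters) >= letter_key(FIXED[branch]):
        return []
    items = {cve: cond for cve, (branches, cond) in ADVISORY.items()
             if branch in branches}
    # Per the SUSE note on this bug: 0.9.8 releases before 0.9.8o use the
    # older DTLS fragment reassembly and are not affected by CVE-2014-0195.
    if branch == "0.9.8" and letter_key(letters) < letter_key("o"):
        items.pop("CVE-2014-0195", None)
    return sorted(items.items())


if __name__ == "__main__":
    for sample in ("OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 0.9.8j-fips 07 Jan 2009"):
        print(sample)
        for cve, condition in unfixed_items(sample):
            print("  %s  (%s)" % (cve, condition))
```

For an upstream 0.9.8j the result is CVE-2014-0221, CVE-2014-0224 and CVE-2014-3470, the same three CVEs that SUSE-SU-2014:0759-1 on this page lists for its 0.9.8j-based packages.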
This is an autogenerated message for OBS integration: This bug (880891) was mentioned in https://build.opensuse.org/request/show/236399 Factory / openssl
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-64bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, libopenssl0_9_8-hmac-64bit, libopenssl0_9_8-hmac-x86, libopenssl0_9_8-x86, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, libopenssl0_9_8-hmac-x86, libopenssl0_9_8-x86, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc Products: SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64) SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, libopenssl0_9_8-hmac-x86, libopenssl0_9_8-x86, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0759-1: An update that fixes three vulnerabilities is now available. Category: security (critical) Bug References: 880891 CVE References: CVE-2014-0221,CVE-2014-0224,CVE-2014-3470 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): openssl-0.9.8j-0.58.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): openssl-0.9.8j-0.58.1 SUSE Linux Enterprise Server 11 SP3 (src): openssl-0.9.8j-0.58.1 SUSE Linux Enterprise Desktop 11 SP3 (src): openssl-0.9.8j-0.58.1
SUSE-SU-2014:0761-1: An update that solves four vulnerabilities and has three fixes is now available. Category: security (critical) Bug References: 859228,859924,860332,862181,869945,870192,880891 CVE References: CVE-2014-0076,CVE-2014-0221,CVE-2014-0224,CVE-2014-3470 Sources used: SUSE Linux Enterprise Server 11 SP2 LTSS (src): openssl-0.9.8j-0.58.1 SUSE Linux Enterprise Server 11 SP1 LTSS (src): openssl-0.9.8j-0.58.1
Update released for: libopenssl1-devel, libopenssl1-devel-32bit, libopenssl1-devel-64bit, libopenssl1_0_0, libopenssl1_0_0-32bit, libopenssl1_0_0-64bit, libopenssl1_0_0-x86, openssl1, openssl1-debuginfo, openssl1-debugsource, openssl1-doc Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SECURITY (i386, ia64, ppc64, s390x, x86_64)
SUSE-SU-2014:0762-1: An update that fixes 5 vulnerabilities is now available. Category: security (critical) Bug References: 876282,880891 CVE References: CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-3470 Sources used: SUSE Linux Enterprise Security Module 11 SP3 (src): openssl1-1.0.1g-0.16.1
openSUSE-SU-2014:0764-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 880891 CVE References: CVE-2014-0195,CVE-2014-0221,CVE-2014-0224,CVE-2014-3470 Sources used: openSUSE 13.1 (src): openssl-1.0.1h-11.48.1 openSUSE 12.3 (src): openssl-1.0.1h-1.60.1
This is an autogenerated message for OBS integration: This bug (880891) was mentioned in https://build.opensuse.org/request/show/236457 Factory / openssl
Update released for: openssl, openssl-devel, openssl-doc Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: openssl, openssl-32bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-doc, openssl-x86 Products: SLE-DEBUGINFO 10-SP3-TERADATA (x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: openssl, openssl-devel, openssl-doc Products: SUSE-CORE 9-LTSS (i386, s390, s390x, x86_64)
Update released for: openssl, openssl-32bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-doc, openssl-x86 Products: SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64) SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Update released for: openssl, openssl-32bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-doc, openssl-x86 Products: SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64) SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0759-2: An update that fixes three vulnerabilities is now available. Category: security (critical) Bug References: 880891 CVE References: CVE-2014-0221,CVE-2014-0224,CVE-2014-3470 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): openssl-0.9.8a-18.82.4 SUSE Linux Enterprise Server 10 SP3 LTSS (src): openssl-0.9.8a-18.45.77.1
Posted a note for CVE-2014-0195: "According to our research, openssl before 0.9.8o is not affected by this overflow problem. The DTLS fragment reassembly was rewritten for 0.9.8o and older versions used different methods. So openssl 0.9.8j as used by SUSE Linux Enterprise 11 and older versions are not affected. Please also note that this problem only affects the Datagram TLS (over UDP) not the regular TLS over TCP which is more common."
An update workflow for this issue was started. This issue was rated as critical. Please submit fixed packages until 2014-06-11. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57757
This is an autogenerated message for OBS integration: This bug (880891) was mentioned in https://build.opensuse.org/request/show/236989 Factory / openssl
An update workflow for this issue was started. This issue was rated as critical. Please submit fixed packages until 2014-06-18. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57849
Update released for: libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, libopenssl0_9_8-hmac-x86, libopenssl0_9_8-x86, openssl, openssl-doc Products: Open-Enterprise-Server 11-SP1 (x86_64)
Update released for: openssl, openssl-doc, openssl-devel, openssl-32bit, openssl-devel-32bit Products: Open-Enterprise-Server 2-SP3 (i386, x86_64)
SUSE-SU-2014:1557-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 802184,880891,890764,901223,901277,905106 CVE References: CVE-2013-0166,CVE-2013-0169,CVE-2014-0224,CVE-2014-3470,CVE-2014-3508,CVE-2014-3566,CVE-2014-3568 Sources used: SUSE Linux Enterprise for SAP Applications 11 SP1 (src): compat-openssl097g-0.9.7g-146.22.25.1
SUSE-SU-2014:1557-2: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 802184,880891,890764,901223,901277,905106 CVE References: CVE-2013-0166,CVE-2013-0169,CVE-2014-0224,CVE-2014-3470,CVE-2014-3508,CVE-2014-3566,CVE-2014-3568 Sources used: SUSE Linux Enterprise Desktop 11 SP3 (src): compat-openssl097g-0.9.7g-146.22.25.1
SUSE-SU-2015:0578-1: An update that contains security fixes can now be installed. Category: security (important) Bug References: 802184,880891,890764,901223,901277,905106,912014,912015,912018,912293,912296,920236,922488,922496,922499,922500,922501 CVE References: Sources used: SUSE Linux Enterprise for SAP Applications 11 SP2 (src): compat-openssl097g-0.9.7g-146.22.29.1
SUSE-SU-2015:0743-1: An update that fixes 40 vulnerabilities is now available. Category: security (important) Bug References: 873351,876282,880891,896400,904627,906117,906194,911442,911556,915911,915912,915913,915914,919229 CVE References: CVE-2010-5298,CVE-2012-5615,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-2494,CVE-2014-3470,CVE-2014-4207,CVE-2014-4258,CVE-2014-4260,CVE-2014-4274,CVE-2014-4287,CVE-2014-6463,CVE-2014-6464,CVE-2014-6469,CVE-2014-6474,CVE-2014-6478,CVE-2014-6484,CVE-2014-6489,CVE-2014-6491,CVE-2014-6494,CVE-2014-6495,CVE-2014-6496,CVE-2014-6500,CVE-2014-6505,CVE-2014-6507,CVE-2014-6520,CVE-2014-6530,CVE-2014-6551,CVE-2014-6555,CVE-2014-6559,CVE-2014-6564,CVE-2014-6568,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0391,CVE-2015-0411,CVE-2015-0432 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): mariadb-10.0.16-15.1 SUSE Linux Enterprise Software Development Kit 12 (src): mariadb-10.0.16-15.1 SUSE Linux Enterprise Server 12 (src): mariadb-10.0.16-15.1 SUSE Linux Enterprise Desktop 12 (src): mariadb-10.0.16-15.1
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available. Category: feature (moderate) JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135 Sources used: SUSE Manager Tools 12-BETA (src): venv-salt-minion-3002.2-3.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.