Bug 857640 (CVE-2013-4353) - VUL-0: CVE-2013-4353: openssl: TLS record tampering issue can lead to OpenSSL crash
Summary: VUL-0: CVE-2013-4353: openssl: TLS record tampering issue can lead to OpenSSL...
Status: RESOLVED FIXED
Alias: CVE-2013-4353
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-07 09:21 UTC by Sebastian Krahmer
Modified: 2015-02-19 01:46 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2014-01-07 23:00:25 UTC 
bugbot adjusting priority
Comment 2 Shawn Chang 2014-01-08 07:40:56 UTC 
Done the backport from upstream:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=197e0ea817ad64820789d86711d55ff50d71f631

for openSUSE 13.1/12.3/12.2
Comment 3 Bernhard Wiedemann 2014-01-08 08:00:12 UTC 
This is an autogenerated message for OBS integration:
This bug (857640) was mentioned in
https://build.opensuse.org/request/show/213094 13.1 / openssl
https://build.opensuse.org/request/show/213096 12.3 / openssl
https://build.opensuse.org/request/show/213097 12.2 / openssl
Comment 6 Sebastian Krahmer 2014-01-20 10:25:28 UTC 
released
Comment 7 Swamp Workflow Management 2014-01-20 11:04:59 UTC 
openSUSE-SU-2014:0094-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 857640
CVE References: CVE-2013-4353
Sources used:
openSUSE 12.2 (src):    openssl-1.0.1e-2.25.1
Comment 8 Swamp Workflow Management 2014-01-20 11:05:37 UTC 
openSUSE-SU-2014:0096-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 857640
CVE References: CVE-2013-4353
Sources used:
openSUSE 12.3 (src):    openssl-1.0.1e-1.26.1
Comment 9 Swamp Workflow Management 2014-01-20 11:06:49 UTC 
openSUSE-SU-2014:0099-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 857640
CVE References: CVE-2013-4353
Sources used:
openSUSE 13.1 (src):    openssl-1.0.1e-11.14.1