openSUSE Security Update : compat-openssl098 (openSUSE-2015-940)
Medium Nessus Plugin ID 87619
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for compat-openssl098 fixes the following issues :
Security issue fixed :
- CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.
Non security issue fixed :
- Prevent segfault in s_client with invalid options (bsc#952099)
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected compat-openssl098 packages.