Please Install the Updated Packages.
The openssl library was updated to version 1.0.1h fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack.
openssl on openSUSE 13.1, openSUSE 12.3
Updated on 2015-03-25
CVE CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
CVSS Base Score: 6.8