Описание
ELSA-2019-2304: openssl security and bug fix update (MODERATE)
[1.0.2k-19.0.1]
- Bump release for rebuild.
[1.0.2k-19]
- close the RSA decryption 9 lives of Bleichenbacher cat timing side channel (#1649568)
[1.0.2k-18]
- fix CVE-2018-0734 - DSA signature local timing side channel
- fix CVE-2019-1559 - 0-byte record padding oracle
- close the RSA decryption One & done EM side channel (#1619558)
[1.0.2k-17]
- use SHA-256 in FIPS RSA pairwise key check
- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local timing side-channel key extraction
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
openssl
1.0.2k-19.0.1.el7
openssl-devel
1.0.2k-19.0.1.el7
openssl-libs
1.0.2k-19.0.1.el7
openssl-perl
1.0.2k-19.0.1.el7
openssl-static
1.0.2k-19.0.1.el7
Oracle Linux x86_64
openssl
1.0.2k-19.0.1.el7
openssl-devel
1.0.2k-19.0.1.el7
openssl-libs
1.0.2k-19.0.1.el7
openssl-perl
1.0.2k-19.0.1.el7
openssl-static
1.0.2k-19.0.1.el7
Связанные CVE
Связанные уязвимости
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
If an application encounters a fatal protocol error and then calls SSL ...