SUSE-SU-2018:3863-1

Опубликовано: 22 нояб. 2018

Источник: suse-cvrf

Описание

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues:

Security issues fixed:

CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

libopenssl-1_1-devel-1.1.0i-4.15.1

libopenssl1_1-1.1.0i-4.15.1

libopenssl1_1-32bit-1.1.0i-4.15.1

libopenssl1_1-hmac-1.1.0i-4.15.1

libopenssl1_1-hmac-32bit-1.1.0i-4.15.1

openssl-1_1-1.1.0i-4.15.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183863-1/
Link for SUSE-SU-2018:3863-1
https://lists.suse.com/pipermail/sle-security-updates/2018-November/004872.html
E-Mail link for SUSE-SU-2018:3863-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1113651
SUSE Bug 1113651
https://bugzilla.suse.com/1113652
SUSE Bug 1113652
https://www.suse.com/security/cve/CVE-2018-0734/
SUSE CVE CVE-2018-0734 page
https://www.suse.com/security/cve/CVE-2018-0735/
SUSE CVE CVE-2018-0735 page

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1

SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1

SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1

SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-0734.html
CVE-2018-0734
https://bugzilla.suse.com/1113534
SUSE Bug 1113534
https://bugzilla.suse.com/1113652
SUSE Bug 1113652
https://bugzilla.suse.com/1113742
SUSE Bug 1113742
https://bugzilla.suse.com/1122198
SUSE Bug 1122198
https://bugzilla.suse.com/1122212
SUSE Bug 1122212
https://bugzilla.suse.com/1126909
SUSE Bug 1126909
https://bugzilla.suse.com/1148697
SUSE Bug 1148697

Описание

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1

SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1

SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1

SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-0735.html
CVE-2018-0735
https://bugzilla.suse.com/1113534
SUSE Bug 1113534
https://bugzilla.suse.com/1113651
SUSE Bug 1113651

SUSE-SU-2018:3863-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

Ссылки

Уязвимость: CVE-2018-0734

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-0735

Описание

Затронутые продукты

Ссылки