SUSE-SU-2018:3945-1

Опубликовано: 29 нояб. 2018

Источник: suse-cvrf

Описание

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues:

Security issues fixed:

CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651).

Non-security issues fixed:

Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4

libopenssl1_1-1.1.1-2.3.1

libopenssl1_1-32bit-1.1.1-2.3.1

SUSE Linux Enterprise Server 12 SP4

libopenssl1_1-1.1.1-2.3.1

libopenssl1_1-32bit-1.1.1-2.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libopenssl1_1-1.1.1-2.3.1

libopenssl1_1-32bit-1.1.1-2.3.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libopenssl-1_1-devel-1.1.1-2.3.1

libopenssl-1_1-devel-32bit-1.1.1-2.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183945-1/
Link for SUSE-SU-2018:3945-1
https://www.suse.com/support/update/announcement/2018/suse-su-20183945-1.html
E-Mail link for SUSE-SU-2018:3945-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1112209
SUSE Bug 1112209
https://bugzilla.suse.com/1113651
SUSE Bug 1113651
https://bugzilla.suse.com/1113652
SUSE Bug 1113652
https://www.suse.com/security/cve/CVE-2018-0734/
SUSE CVE CVE-2018-0734 page
https://www.suse.com/security/cve/CVE-2018-0735/
SUSE CVE CVE-2018-0735 page

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1

SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1

SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1

SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-0734.html
CVE-2018-0734
https://bugzilla.suse.com/1113534
SUSE Bug 1113534
https://bugzilla.suse.com/1113652
SUSE Bug 1113652
https://bugzilla.suse.com/1113742
SUSE Bug 1113742
https://bugzilla.suse.com/1122198
SUSE Bug 1122198
https://bugzilla.suse.com/1122212
SUSE Bug 1122212
https://bugzilla.suse.com/1126909
SUSE Bug 1126909
https://bugzilla.suse.com/1148697
SUSE Bug 1148697

Описание

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1

SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1

SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1

SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-0735.html
CVE-2018-0735
https://bugzilla.suse.com/1113534
SUSE Bug 1113534
https://bugzilla.suse.com/1113651
SUSE Bug 1113651

SUSE-SU-2018:3945-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP4

Ссылки

Уязвимость: CVE-2018-0734

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-0735

Описание

Затронутые продукты

Ссылки