Description
Security update for libnettle
This update for libnettle fixes the following issues:
Security issues fixed:
- CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086)
Package list
SUSE Linux Enterprise Module for Basesystem 15
libhogweed4-3.4-4.3.1
libnettle-devel-3.4-4.3.1
libnettle6-3.4-4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15
libhogweed4-32bit-3.4-4.3.1
libnettle6-32bit-3.4-4.3.1
References
- Link for SUSE-SU-2018:4193-1
- E-Mail link for SUSE-SU-2018:4193-1
- SUSE Security Ratings
- SUSE Bug 1118086
- SUSE CVE CVE-2018-16869 page
Description
A Bleichenbacher-type side-channel-based padding oracle attack was found in the way nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.
Affected products
SUSE Linux Enterprise Module for Basesystem 15:libhogweed4-3.4-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:libnettle-devel-3.4-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:libnettle6-3.4-4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libhogweed4-32bit-3.4-4.3.1
References
- CVE-2018-16869
- SUSE Bug 1117951
- SUSE Bug 1118086
- SUSE Bug 1118087
- SUSE Bug 1134856