Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:4274-1

Опубликовано: 27 дек. 2018
Источник: suse-cvrf

Описание

Security update for openssl

This update for openssl fixes the following issues:

Security issues fixed:

  • CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
  • CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
  • CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
  • Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
libopenssl-devel-0.9.8j-0.106.18.1
libopenssl0_9_8-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
openssl-0.9.8j-0.106.18.1
openssl-doc-0.9.8j-0.106.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS
libopenssl-devel-0.9.8j-0.106.18.1
libopenssl0_9_8-0.9.8j-0.106.18.1
libopenssl0_9_8-32bit-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1
openssl-0.9.8j-0.106.18.1
openssl-doc-0.9.8j-0.106.18.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libopenssl-devel-0.9.8j-0.106.18.1
libopenssl0_9_8-0.9.8j-0.106.18.1
libopenssl0_9_8-32bit-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1
openssl-0.9.8j-0.106.18.1
openssl-doc-0.9.8j-0.106.18.1
SUSE Linux Enterprise Server 11 SP4
libopenssl0_9_8-0.9.8j-0.106.18.1
libopenssl0_9_8-32bit-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1
libopenssl0_9_8-x86-0.9.8j-0.106.18.1
openssl-0.9.8j-0.106.18.1
openssl-doc-0.9.8j-0.106.18.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libopenssl0_9_8-0.9.8j-0.106.18.1
libopenssl0_9_8-32bit-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1
libopenssl0_9_8-x86-0.9.8j-0.106.18.1
openssl-0.9.8j-0.106.18.1
openssl-doc-0.9.8j-0.106.18.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libopenssl-devel-0.9.8j-0.106.18.1
libopenssl-devel-32bit-0.9.8j-0.106.18.1
SUSE Studio Onsite 1.3
libopenssl-devel-0.9.8j-0.106.18.1

Ссылки

Описание

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1
Ссылки

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1
Ссылки

Описание

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.18.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.18.1
Ссылки
Уязвимость SUSE-SU-2018:4274-1