Описание
Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues:
Security issues fixed:
- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Container suse/sles12sp4:latest
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Container suse/sles12sp5:latest
libopenssl1_0_0-1.0.2p-3.6.1
libopenssl1_0_0-hmac-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-Azure-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-EC2-HVM-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-GCE-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-OCI-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-Azure
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-Azure-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-EC2-HVM
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-GCE
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-GCE-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP4-SAP-OCI-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-Basic-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-HPC-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-HPC-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-SAP-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-SAP-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-Azure-Standard-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-EC2-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-EC2-ECS-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-EC2-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-EC2-SAP-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-GCE-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-GCE-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-GCE-SAP-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-GCE-SAP-On-Demand
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-OCI-BYOS-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libopenssl1_0_0-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-3.6.1
libopenssl1_0_0-32bit-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-3.6.1
libopenssl1_0_0-32bit-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
SUSE Linux Enterprise Desktop 12 SP4
libopenssl-1_0_0-devel-1.0.2p-3.6.1
libopenssl1_0_0-1.0.2p-3.6.1
libopenssl1_0_0-32bit-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
SUSE Linux Enterprise Server 12 SP4
libopenssl-1_0_0-devel-1.0.2p-3.6.1
libopenssl1_0_0-1.0.2p-3.6.1
libopenssl1_0_0-32bit-1.0.2p-3.6.1
libopenssl1_0_0-hmac-1.0.2p-3.6.1
libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
openssl-1_0_0-doc-1.0.2p-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libopenssl-1_0_0-devel-1.0.2p-3.6.1
libopenssl1_0_0-1.0.2p-3.6.1
libopenssl1_0_0-32bit-1.0.2p-3.6.1
libopenssl1_0_0-hmac-1.0.2p-3.6.1
libopenssl1_0_0-hmac-32bit-1.0.2p-3.6.1
openssl-1_0_0-1.0.2p-3.6.1
openssl-1_0_0-doc-1.0.2p-3.6.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libopenssl-1_0_0-devel-1.0.2p-3.6.1
Ссылки
- Link for SUSE-SU-2019:0572-1
- E-Mail link for SUSE-SU-2019:0572-1
- SUSE Security Ratings
- SUSE Bug 1117951
- SUSE Bug 1127080
- SUSE CVE CVE-2019-1559 page
Описание
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libopenssl1_0_0-1.0.2p-3.6.1
Container suse/ltss/sle12.5/sles12sp5:latest:openssl-1_0_0-1.0.2p-3.6.1
Container suse/sles12sp4:latest:libopenssl1_0_0-1.0.2p-3.6.1
Container suse/sles12sp4:latest:openssl-1_0_0-1.0.2p-3.6.1
Ссылки
- CVE-2019-1559
- SUSE Bug 1127080
- SUSE Bug 1130039
- SUSE Bug 1141798