Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:14249-1

Опубликовано: 12 дек. 2019
Источник: suse-cvrf

Описание

Security update for openssl

This update for openssl fixes the following issues:

  • Included the missing cms and pk7 fixes of CVE-2019-1563 (bsc#1153785).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
libopenssl-devel-0.9.8j-0.106.28.1
libopenssl0_9_8-0.9.8j-0.106.28.1
libopenssl0_9_8-hmac-0.9.8j-0.106.28.1
openssl-0.9.8j-0.106.28.1
openssl-doc-0.9.8j-0.106.28.1
SUSE Linux Enterprise Server 11 SP4-LTSS
libopenssl0_9_8-0.9.8j-0.106.28.1
libopenssl0_9_8-32bit-0.9.8j-0.106.28.1
libopenssl0_9_8-hmac-0.9.8j-0.106.28.1
libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.28.1
openssl-0.9.8j-0.106.28.1
openssl-doc-0.9.8j-0.106.28.1

Ссылки

Описание

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl-devel-0.9.8j-0.106.28.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-0.9.8j-0.106.28.1
SUSE Linux Enterprise Point of Sale 11 SP3:libopenssl0_9_8-hmac-0.9.8j-0.106.28.1
SUSE Linux Enterprise Point of Sale 11 SP3:openssl-0.9.8j-0.106.28.1
Ссылки