Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1553-1

Опубликовано: 18 июн. 2019
Источник: suse-cvrf

Описание

Security update for openssl

This update for openssl fixes the following issues:

  • CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158)
  • CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652)
  • CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039)
  • CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes 'PortSmash') (bsc#1113534)
  • CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080)
  • Fix One&Done side-channel attack on RSA (bsc#1104789)
  • Reject invalid EC point coordinates (bsc#1131291)
  • The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951)
  • Add missing error string to CVE-2016-8610 fix (bsc#1110018#c9)
  • blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)

Non security fixes:

  • correct the error detection in the fips patch (bsc#1106197)
  • Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

Список пакетов

SUSE Linux Enterprise Server 12-LTSS
libopenssl1_0_0-1.0.1i-27.34.1
libopenssl1_0_0-32bit-1.0.1i-27.34.1
libopenssl1_0_0-hmac-1.0.1i-27.34.1
libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
openssl-1.0.1i-27.34.1
openssl-doc-1.0.1i-27.34.1

Ссылки

Описание

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
Ссылки

Описание

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
Ссылки

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
Ссылки

Описание

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
Ссылки

Описание

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
Ссылки

Описание

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-32bit-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-1.0.1i-27.34.1
SUSE Linux Enterprise Server 12-LTSS:libopenssl1_0_0-hmac-32bit-1.0.1i-27.34.1
Ссылки
Уязвимость SUSE-SU-2019:1553-1