SUSE-SU-2023:2624-1

Опубликовано: 23 июн. 2023

Источник: suse-cvrf

Описание

Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues:

CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534).

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Container suse/sles12sp4:latest

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Container suse/sles12sp5:latest

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-Basic-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-HPC-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-HPC-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-SAP-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-SAP-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-Azure-Standard-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-EC2-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-EC2-ECS-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-EC2-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-EC2-SAP-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-EC2-SAP-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-GCE-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-GCE-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-GCE-SAP-BYOS

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-GCE-SAP-On-Demand

libopenssl1_0_0-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

SUSE Linux Enterprise Server 12 SP4-ESPOS

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

SUSE Linux Enterprise Server 12 SP4-LTSS

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

SUSE Linux Enterprise Server 12 SP5

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl-1_0_0-devel-32bit-1.0.2p-3.78.1

SUSE OpenStack Cloud 9

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

SUSE OpenStack Cloud Crowbar 9

libopenssl-1_0_0-devel-1.0.2p-3.78.1

libopenssl1_0_0-1.0.2p-3.78.1

libopenssl1_0_0-32bit-1.0.2p-3.78.1

libopenssl1_0_0-hmac-1.0.2p-3.78.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1

openssl-1_0_0-1.0.2p-3.78.1

openssl-1_0_0-doc-1.0.2p-3.78.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232624-1/
Link for SUSE-SU-2023:2624-1
https://lists.suse.com/pipermail/sle-security-updates/2023-June/015284.html
E-Mail link for SUSE-SU-2023:2624-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207534
SUSE Bug 1207534
https://www.suse.com/security/cve/CVE-2022-4304/
SUSE CVE CVE-2022-4304 page

Описание

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:libopenssl1_0_0-1.0.2p-3.78.1

Container suse/ltss/sle12.5/sles12sp5:latest:openssl-1_0_0-1.0.2p-3.78.1

Container suse/sles12sp4:latest:libopenssl1_0_0-1.0.2p-3.78.1

Container suse/sles12sp4:latest:openssl-1_0_0-1.0.2p-3.78.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-4304.html
CVE-2022-4304
https://bugzilla.suse.com/1207534
SUSE Bug 1207534
https://bugzilla.suse.com/1210067
SUSE Bug 1210067
https://bugzilla.suse.com/1213146
SUSE Bug 1213146
https://bugzilla.suse.com/1213289
SUSE Bug 1213289
https://bugzilla.suse.com/1215014
SUSE Bug 1215014

SUSE-SU-2023:2624-1

Описание

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp4:latest

Container suse/sles12sp5:latest

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP4-ESPOS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2022-4304

Описание

Затронутые продукты

Ссылки