Описание
Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP3-SAPCAL-Azure
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP3-SAPCAL-GCE
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libopenssl1_0_0-1.0.2p-150000.3.79.1
SUSE Enterprise Storage 7
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Enterprise Storage 7.1
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Module for Legacy 15 SP4
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
libopenssl1_0_0-hmac-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Module for Legacy 15 SP5
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
libopenssl1_0_0-hmac-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
openSUSE Leap 15.4
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
libopenssl1_0_0-32bit-1.0.2p-150000.3.79.1
libopenssl1_0_0-hmac-1.0.2p-150000.3.79.1
libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.79.1
libopenssl1_0_0-steam-1.0.2p-150000.3.79.1
libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-cavs-1.0.2p-150000.3.79.1
openssl-1_0_0-doc-1.0.2p-150000.3.79.1
openSUSE Leap 15.5
libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1
libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.79.1
libopenssl10-1.0.2p-150000.3.79.1
libopenssl1_0_0-1.0.2p-150000.3.79.1
libopenssl1_0_0-32bit-1.0.2p-150000.3.79.1
libopenssl1_0_0-hmac-1.0.2p-150000.3.79.1
libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.79.1
libopenssl1_0_0-steam-1.0.2p-150000.3.79.1
libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.79.1
openssl-1_0_0-1.0.2p-150000.3.79.1
openssl-1_0_0-cavs-1.0.2p-150000.3.79.1
openssl-1_0_0-doc-1.0.2p-150000.3.79.1
Ссылки
- Link for SUSE-SU-2023:2633-1
- E-Mail link for SUSE-SU-2023:2633-1
- SUSE Security Ratings
- SUSE Bug 1207534
- SUSE CVE CVE-2022-4304 page
Описание
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libopenssl1_0_0-1.0.2p-150000.3.79.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libopenssl1_0_0-1.0.2p-150000.3.79.1
Ссылки
- CVE-2022-4304
- SUSE Bug 1207534
- SUSE Bug 1210067
- SUSE Bug 1213146
- SUSE Bug 1213289
- SUSE Bug 1215014