Описание
Security update for libressl
This update for libressl fixes the following issues:
- CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334)
Список пакетов
openSUSE Leap 42.1
libcrypto36-2.3.0-10.1
libcrypto36-32bit-2.3.0-10.1
libcrypto37-2.3.4-3.1
libcrypto37-32bit-2.3.4-3.1
libressl-2.3.4-3.1
libressl-devel-2.3.4-3.1
libressl-devel-32bit-2.3.4-3.1
libressl-devel-doc-2.3.4-3.1
libssl37-2.3.0-10.1
libssl37-32bit-2.3.0-10.1
libssl38-2.3.4-3.1
libssl38-32bit-2.3.4-3.1
libtls10-2.3.4-3.1
libtls10-32bit-2.3.4-3.1
libtls9-2.3.0-10.1
libtls9-32bit-2.3.0-10.1
openSUSE Leap 42.2
libcrypto36-2.3.0-10.1
libcrypto36-32bit-2.3.0-10.1
libcrypto37-2.3.4-3.1
libcrypto37-32bit-2.3.4-3.1
libressl-2.3.4-3.1
libressl-devel-2.3.4-3.1
libressl-devel-32bit-2.3.4-3.1
libressl-devel-doc-2.3.4-3.1
libssl37-2.3.0-10.1
libssl37-32bit-2.3.0-10.1
libssl38-2.3.4-3.1
libssl38-32bit-2.3.4-3.1
libtls10-2.3.4-3.1
libtls10-32bit-2.3.4-3.1
libtls9-2.3.0-10.1
libtls9-32bit-2.3.0-10.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0409-1
- SUSE Security Ratings
Описание
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
Затронутые продукты
openSUSE Leap 42.1:libcrypto36-2.3.0-10.1
openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-10.1
openSUSE Leap 42.1:libcrypto37-2.3.4-3.1
openSUSE Leap 42.1:libcrypto37-32bit-2.3.4-3.1
Ссылки
- CVE-2016-7056
- SUSE Bug 1005878
- SUSE Bug 1018910
- SUSE Bug 1019334