Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:3192-1

Опубликовано: 02 дек. 2017
Источник: suse-cvrf

Описание

Security update for openssl

This update for openssl fixes the following issues:

Security issues fixed:

  • CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058)
  • CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242)
  • Out of bounds read+crash in DES_fcrypt (bsc#1065363)
  • openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
libopenssl-devel-1.0.2j-13.1
libopenssl-devel-32bit-1.0.2j-13.1
libopenssl1_0_0-1.0.2j-13.1
libopenssl1_0_0-32bit-1.0.2j-13.1
libopenssl1_0_0-hmac-1.0.2j-13.1
libopenssl1_0_0-hmac-32bit-1.0.2j-13.1
openssl-1.0.2j-13.1
openssl-cavs-1.0.2j-13.1
openssl-doc-1.0.2j-13.1
openSUSE Leap 42.3
libopenssl-devel-1.0.2j-13.1
libopenssl-devel-32bit-1.0.2j-13.1
libopenssl1_0_0-1.0.2j-13.1
libopenssl1_0_0-32bit-1.0.2j-13.1
libopenssl1_0_0-hmac-1.0.2j-13.1
libopenssl1_0_0-hmac-32bit-1.0.2j-13.1
openssl-1.0.2j-13.1
openssl-cavs-1.0.2j-13.1
openssl-doc-1.0.2j-13.1

Ссылки

Описание

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Затронутые продукты
openSUSE Leap 42.2:libopenssl-devel-1.0.2j-13.1
openSUSE Leap 42.2:libopenssl-devel-32bit-1.0.2j-13.1
openSUSE Leap 42.2:libopenssl1_0_0-1.0.2j-13.1
openSUSE Leap 42.2:libopenssl1_0_0-32bit-1.0.2j-13.1
Ссылки

Описание

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Затронутые продукты
openSUSE Leap 42.2:libopenssl-devel-1.0.2j-13.1
openSUSE Leap 42.2:libopenssl-devel-32bit-1.0.2j-13.1
openSUSE Leap 42.2:libopenssl1_0_0-1.0.2j-13.1
openSUSE Leap 42.2:libopenssl1_0_0-32bit-1.0.2j-13.1
Ссылки