Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:3890-1

Опубликовано: 24 нояб. 2018
Источник: suse-cvrf

Описание

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues:

Security issues fixed:

  • CVE-2018-0734: timing vulnerability in DSA signature generation (bsc#1113652).
  • CVE-2018-0735: timing vulnerability in ECDSA signature generation (bsc#1113651).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
libopenssl-1_1-devel-1.1.0i-lp150.3.15.1
libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.15.1
libopenssl1_1-1.1.0i-lp150.3.15.1
libopenssl1_1-32bit-1.1.0i-lp150.3.15.1
libopenssl1_1-hmac-1.1.0i-lp150.3.15.1
libopenssl1_1-hmac-32bit-1.1.0i-lp150.3.15.1
openssl-1_1-1.1.0i-lp150.3.15.1
openssl-1_1-doc-1.1.0i-lp150.3.15.1

Ссылки

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Затронутые продукты
openSUSE Leap 15.0:libopenssl-1_1-devel-1.1.0i-lp150.3.15.1
openSUSE Leap 15.0:libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.15.1
openSUSE Leap 15.0:libopenssl1_1-1.1.0i-lp150.3.15.1
openSUSE Leap 15.0:libopenssl1_1-32bit-1.1.0i-lp150.3.15.1
Ссылки

Описание

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Затронутые продукты
openSUSE Leap 15.0:libopenssl-1_1-devel-1.1.0i-lp150.3.15.1
openSUSE Leap 15.0:libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.15.1
openSUSE Leap 15.0:libopenssl1_1-1.1.0i-lp150.3.15.1
openSUSE Leap 15.0:libopenssl1_1-32bit-1.1.0i-lp150.3.15.1
Ссылки