Описание
Security update for compat-openssl098
This update for compat-openssl098 fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:4104-1
- SUSE Security Ratings
Описание
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Затронутые продукты
Ссылки
- CVE-2016-8610
- SUSE Bug 1005878
- SUSE Bug 1005879
- SUSE Bug 1120592
- SUSE Bug 1126909
- SUSE Bug 982575
Описание
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Затронутые продукты
Ссылки
- CVE-2018-0734
- SUSE Bug 1113534
- SUSE Bug 1113652
- SUSE Bug 1113742
- SUSE Bug 1122198
- SUSE Bug 1122212
- SUSE Bug 1126909
Описание
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Затронутые продукты
Ссылки
- CVE-2018-5407
- SUSE Bug 1113534
- SUSE Bug 1116195
- SUSE Bug 1126909