openSUSE-SU-2018:4260-1

Опубликовано: 22 дек. 2018

Источник: suse-cvrf

Описание

Security update for libnettle

This update for libnettle fixes the following issues:

Security issues fixed:

CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

libhogweed4-3.4-lp150.3.3.1

libhogweed4-32bit-3.4-lp150.3.3.1

libnettle-3.4-lp150.3.3.1

libnettle-devel-3.4-lp150.3.3.1

libnettle-devel-32bit-3.4-lp150.3.3.1

libnettle6-3.4-lp150.3.3.1

libnettle6-32bit-3.4-lp150.3.3.1

nettle-3.4-lp150.3.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00065.html
E-Mail link for openSUSE-SU-2018:4260-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Затронутые продукты

openSUSE Leap 15.0:libhogweed4-3.4-lp150.3.3.1

openSUSE Leap 15.0:libhogweed4-32bit-3.4-lp150.3.3.1

openSUSE Leap 15.0:libnettle-3.4-lp150.3.3.1

openSUSE Leap 15.0:libnettle-devel-3.4-lp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16869.html
CVE-2018-16869
https://bugzilla.suse.com/1117951
SUSE Bug 1117951
https://bugzilla.suse.com/1118086
SUSE Bug 1118086

openSUSE-SU-2018:4260-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-16869

Описание

Затронутые продукты

Ссылки