Security update for openssl
Announcement ID: | SUSE-SU-2018:3864-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves four vulnerabilities and has two security fixes can now be installed.
Description:
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197).
- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
- Fixed the "One and Done" side-channel attack on RSA (bsc#1104789).
Non-security issues fixed:
- Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2762=1
Package List:
-
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
- openssl-debugsource-1.0.1i-54.20.1
- openssl-debuginfo-1.0.1i-54.20.1
- libopenssl1_0_0-hmac-1.0.1i-54.20.1
- openssl-1.0.1i-54.20.1
- libopenssl1_0_0-debuginfo-1.0.1i-54.20.1
- libopenssl1_0_0-1.0.1i-54.20.1
-
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
- openssl-doc-1.0.1i-54.20.1
-
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (s390x x86_64)
- libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1
- libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.20.1
- libopenssl1_0_0-32bit-1.0.1i-54.20.1
References:
- https://www.suse.com/security/cve/CVE-2016-8610.html
- https://www.suse.com/security/cve/CVE-2018-0734.html
- https://www.suse.com/security/cve/CVE-2018-0737.html
- https://www.suse.com/security/cve/CVE-2018-5407.html
- https://bugzilla.suse.com/show_bug.cgi?id=1101470
- https://bugzilla.suse.com/show_bug.cgi?id=1104789
- https://bugzilla.suse.com/show_bug.cgi?id=1106197
- https://bugzilla.suse.com/show_bug.cgi?id=1110018
- https://bugzilla.suse.com/show_bug.cgi?id=1113534
- https://bugzilla.suse.com/show_bug.cgi?id=1113652