Package        : openssl
Version        : 1.0.1t-1+deb8u12
CVE ID         : CVE-2019-1547 CVE-2019-1563

Two security vulnerabilities were found in OpenSSL, the Secure Sockets
Layer toolkit.

CVE-2019-1547

    Normally in OpenSSL EC groups always have a co-factor present and
    this is used in side channel resistant code paths. However, in some
    cases, it is possible to construct a group using explicit parameters    (instead of using a named curve). In those cases it is possible that
    such a group does not have the cofactor present. This can occur even
    where all the parameters match a known named curve. If such a curve
    is used then OpenSSL falls back to non-side channel resistant code
    paths which may result in full key recovery during an ECDSA
    signature operation. In order to be vulnerable an attacker
    would have to have the ability to time the creation of a large
    number of signatures where explicit parameters with no co-factor
    present are in use by an application using libcrypto. For the
    avoidance of doubt libssl is not vulnerable because explicit
    parameters are never used.

CVE-2019-1563

    In situations where an attacker receives automated notification of
    the success or failure of a decryption attempt an attacker, after
    sending a very large number of messages to be decrypted, can recover
    a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
    message that was encrypted with the public RSA key, using a
    Bleichenbacher padding oracle attack. Applications are not affected
    if they use a certificate together with the private RSA key to the
    CMS_decrypt or PKCS7_decrypt functions to select the correct
    recipient info to decrypt.

For Debian 8 "Jessie", these problems have been fixed in version
1.0.1t-1+deb8u12.

We recommend that you upgrade your openssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-1932-1: openssl security update

September 25, 2019
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit

Summary

Normally in OpenSSL EC groups always have a co-factor present and
this is used in side channel resistant code paths. However, in some
cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that
such a group does not have the cofactor present. This can occur even
where all the parameters match a known named curve. If such a curve
is used then OpenSSL falls back to non-side channel resistant code
paths which may result in full key recovery during an ECDSA
signature operation. In order to be vulnerable an attacker
would have to have the ability to time the creation of a large
number of signatures where explicit parameters with no co-factor
present are in use by an application using libcrypto. For the
avoidance of doubt libssl is not vulnerable because explicit
parameters are never used.

CVE-2019-1563

In situations where an attacker receives automated notification of
the success or failure of a decryption attempt an attacker, after
sending a very large number of messages to be decrypted, can recover
a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key, using a
Bleichenbacher padding oracle attack. Applications are not affected
if they use a certificate together with the private RSA key to the
CMS_decrypt or PKCS7_decrypt functions to select the correct
recipient info to decrypt.

For Debian 8 "Jessie", these problems have been fixed in version
1.0.1t-1+deb8u12.

We recommend that you upgrade your openssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : openssl
Version : 1.0.1t-1+deb8u12
CVE ID : CVE-2019-1547 CVE-2019-1563

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved