Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Mageia: 2020-0023 Critical: OpenSSL Overflow Risk and Fix

mageia
Calendar Grey January 5, 2020
Dist Mageia Esm H88
Mageia 2020-0024 updates libcurl packages to address a security issue impacting data transmission. Essential for HTTPS vulnerabilities.
Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit ...

Summary

Updated compat-openssl10 and openssl packages fix security vulnerability:
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME (CVE-2019-1551).

References

- https://bugs.mageia.org/show_bug.cgi?id=25977

- https://openssl-library.org/news/secadv/20191206.txt

- https://www.cve.org/CVERecord?id=CVE-2019-1551

Resolution

SRPMS

- 7/core/openssl-1.1.0l-1.1.mga7

- 7/core/compat-openssl10-1.0.2u-1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0023.html
Type: security
CVE: CVE-2019-1551

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here