
openSUSE Leap 42.3: 2018:0458-1 High: OpenSSL-Steam Security Issues

opensuse
February 16, 2018
A crucial announcement for openSUSE tackling various security flaws in openssl-steam along with remediation guidelines.
An update that solves 16 vulnerabilities and has 12 fixes is now available.

Description

This update for openssl-steam fixes the following issues:

- Merged changes from upstream openssl (Factory rev 137) into this fork for Steam.

Updated to openssl 1.0.2k:

* CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528)

* CVE-2016-7056: ECDSA P-256 timing attack key recovery (boo#1019334)

* CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085)

* CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086)

Update to openssl-1.0.2j:

* CVE-2016-7052: Missing CRL sanity check (boo#1001148)

OpenSSL Security Advisory [22 Sep 2016] (boo#999665)

- Severity: High

* CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666)

- Severity: Low

* CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575)

* CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249)


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-168=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 x86_64):

libopenssl1_0_0-steam-1.0.2k-4.3.1

libopenssl1_0_0-steam-debuginfo-1.0.2k-4.3.1

openssl-steam-debugsource-1.0.2k-4.3.1

- openSUSE Leap 42.3 (x86_64):

libopenssl1_0_0-steam-32bit-1.0.2k-4.3.1

libopenssl1_0_0-steam-debuginfo-32bit-1.0.2k-4.3.1
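
To confirm a host actually carries the fixed build after patching, the check below compares installed openssl-steam packages against the version-release in the Package List above. It is an added example, not part of the openSUSE advisory; the function names and the sample input are constructed, and GNU "sort -V" is assumed as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's Package List.
FIXED="1.0.2k-4.3.1"

# ver_ge A B: succeed when version-release A sorts at or above B.
# Assumption: GNU sort -V approximates RPM's ordering for these strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_steam_openssl: read "name version-release" lines on stdin, print a
# verdict for each openssl-steam package, and return non-zero if any package
# is older than the fixed build. Other packages are ignored.
audit_steam_openssl() {
    rc=0
    while read -r name vr; do
        case "$name" in
            libopenssl1_0_0-steam*|openssl-steam*) ;;
            *) continue ;;
        esac
        if ver_ge "$vr" "$FIXED"; then
            echo "OK       $name $vr"
        else
            echo "OUTDATED $name $vr (fixed in $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, not taken from a real host. On a live system use:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_steam_openssl
SAMPLE='libopenssl1_0_0-steam 1.0.2j-1.1
libopenssl1_0_0-steam-32bit 1.0.2k-4.3.1
bash 4.3-83.5.2'

printf '%s\n' "$SAMPLE" | audit_steam_openssl \
    || echo "Update needed: zypper in -t patch openSUSE-2018-168=1"
```

Processes that loaded the old library before the update keep using it until they are restarted, so restart Steam after patching.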

References

https://www.suse.com/security/cve/CVE-2016-2177.html

https://www.suse.com/security/cve/CVE-2016-2178.html

https://www.suse.com/security/cve/CVE-2016-2179.html

https://www.suse.com/security/cve/CVE-2016-2180.html

https://www.suse.com/security/cve/CVE-2016-2181.html

https://www.suse.com/security/cve/CVE-2016-2182.html

https://www.suse.com/security/cve/CVE-2016-2183.html

https://www.suse.com/security/cve/CVE-2016-6302.html

https://www.suse.com/security/cve/CVE-2016-6303.html

https://www.suse.com/security/cve/CVE-2016-6304.html

https://www.suse.com/security/cve/CVE-2016-6306.html

https://www.suse.com/security/cve/CVE-2016-7052.html

https://www.suse.com/security/cve/CVE-2016-7055.html

https://www.suse.com/security/cve/CVE-2016-7056.html

https://www.suse.com/security/cve/CVE-2017-3731.html

https://www.suse.com/security/cve/CVE-2017-3732.html

https://bugzilla.suse.com/1001148

https://bugzilla.suse.com/1009528

https://bugzilla.suse.com/1019334

https://bugzilla.suse.com/1022085

https://bugzilla.suse.com/1022086

htt...


Severity
important

Announcement ID: openSUSE-SU-2018:0458-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.
