Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE Leap 42.3: 2019:1175-1 Moderate OpenSSL Cache Attack Fix

opensuse
Calendar Grey April 8, 2019
Dist Opensuse Esm H88
Patch addresses a significant vulnerability in OpenSSL, incorporating upgrades for safety and better management of TLS protocols.
An update that solves one vulnerability and has three fixes is now available.

Description

This update for openssl fixes the following issues:

Security issues fixed:

- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS

Implementations (bsc#1117951)

- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under

certain circumstances a TLS server can be forced to respond differently

to a client and lead to the decryption of the data (bsc#1127080).

Other issues addressed:

- Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl

(bsc#1113975).

- Set TLS version to 0 in msg_callback for record messages to avoid

confusing applications (bsc#1100078).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1175=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

libopenssl-devel-1.0.2j-35.1

libopenssl1_0_0-1.0.2j-35.1

libopenssl1_0_0-debuginfo-1.0.2j-35.1

libopenssl1_0_0-hmac-1.0.2j-35.1

openssl-1.0.2j-35.1

openssl-cavs-1.0.2j-35.1

openssl-cavs-debuginfo-1.0.2j-35.1

openssl-debuginfo-1.0.2j-35.1

openssl-debugsource-1.0.2j-35.1

- openSUSE Leap 42.3 (noarch):

openssl-doc-1.0.2j-35.1

- openSUSE Leap 42.3 (x86_64):

libopenssl-devel-32bit-1.0.2j-35.1

libopenssl1_0_0-32bit-1.0.2j-35.1

libopenssl1_0_0-debuginfo-32bit-1.0.2j-35.1

libopenssl1_0_0-hmac-32bit-1.0.2j-35.1

References

https://www.suse.com/security/cve/CVE-2019-1559.html

https://bugzilla.suse.com/1100078

https://bugzilla.suse.com/1113975

https://bugzilla.suse.com/1117951

https://bugzilla.suse.com/1127080

--

Announcement ID: openSUSE-SU-2019:1175-1
Rating: moderate
Affected Products: openSUSE Leap 42.3 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here