Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE 15.4 & 15.5: SUSE-SU-2023:2633-1 Moderate OpenSSL Timing Attack

opensuse
Calendar Grey February 27, 2024
Dist Opensuse Esm H88
This notice provides an essential revision for openssl-1_0_0 concerning the vulnerability associated with CVE-2022-4304 related to timing attacks.
This update for openssl-1_0_0 fixes the following issues: CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption

Description

This update for openssl-1_0_0 fixes the following issues:

* CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The

previous fix for this timing side channel turned out to cause a severe 2-3x

performance regression in the typical use case (bsc#1207534).

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2023-2633=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2023-2633=1

* Legacy Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2633=1

* Legacy Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2633=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3

zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2633=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2633=1

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2633=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2

zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2633=1

* SUSE Linux...

Read the Full Advisory

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)

* libopenssl-1_0_0-devel-1.0.2p-150000.3.79.1

* openssl-1_0_0-1.0.2p-150000.3.79.1

* libopenssl1_0_0-1.0.2p-150000.3.79.1

* openssl-1_0_0-cavs-1.0.2p-150000.3.79.1

* libopenssl1_0_0-hmac-1.0.2p-150000.3.79.1

* libopenssl1_0_0-steam-1.0.2p-150000.3.79.1

* openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.79.1

* libopenssl10-1.0.2p-150000.3.79.1

* openssl-1_0_0-debugsource-1.0.2p-150000.3.79.1

* libopenssl10-debuginfo-1.0.2p-150000.3.79.1

* openssl-1_0_0-debuginfo-1.0.2p-150000.3.79.1

* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.79.1

* libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.79.1

* openSUSE Leap 15.4 (x86_64)

* libopenssl1_0_0-32bit-1.0.2p-150000.3.79.1

* libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.79.1

* libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.79.1

* libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.79.1

* libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.79.1

* libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.79.1

* openSUSE Leap 15.4 (noarch)

*...

Read the Full Advisory

References

* bsc#1207534

## References:

* https://www.suse.com/security/cve/CVE-2022-4304.html

* https://bugzilla.suse.com/show_bug.cgi?id=1207534

Announcement ID: SUSE-SU-2023:2633-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.