RedHat: RHSA-2019-3700:01 Low: openssl security, bug fix,

    Date: 05 Nov 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Low: openssl security, bug fix, and enhancement update
    Advisory ID:       RHSA-2019:3700-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3700
    Issue date:        2019-11-05
    CVE Names:         CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 
    =====================================================================
    
    1. Summary:
    
    An update for openssl is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Low. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
    
    3. Description:
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
    Transport Layer Security (TLS) protocols, as well as a full-strength
    general-purpose cryptography library.
    
    The following packages have been upgraded to a later upstream version:
    openssl (1.1.1c). (BZ#1643026)
    
    Security Fix(es):
    
    * openssl: timing side channel attack in the DSA signature algorithm
    (CVE-2018-0734)
    
    * openssl: timing side channel attack in the ECDSA signature generation
    (CVE-2018-0735)
    
    * openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Additional Changes:
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    For the update to take effect, all services linked to the OpenSSL library
    must be restarted, or the system rebooted.
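
The restart requirement above can be checked rather than assumed. The following is an added example, not part of Red Hat's advisory: it lists processes that still map a libssl or libcrypto file that was replaced on disk. The function names and the sample maps excerpt are constructed for illustration, and it assumes a Linux `/proc` filesystem.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map an
# OpenSSL library file that the package update replaced on disk.

# stale_openssl_maps (hypothetical helper): reads /proc/<pid>/maps-format text
# on stdin and prints each distinct libssl/libcrypto path that the kernel has
# tagged "(deleted)", i.e. the file was unlinked while still mapped.
stale_openssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' |
        sort -u
}

# sample_maps: constructed maps excerpt for a daemon started before the update.
# Paths and addresses are illustrative, not taken from a real host.
sample_maps() {
    cat <<'EOF'
55d0a0000000-55d0a0021000 r-xp 00000000 fd:00 2001 /usr/sbin/sshd
7f10a0000000-7f10a02b0000 r-xp 00000000 fd:00 1311 /usr/lib64/libcrypto.so.1.1.1 (deleted)
7f10a02b0000-7f10a04af000 ---p 002b0000 fd:00 1311 /usr/lib64/libcrypto.so.1.1.1 (deleted)
7f10a0600000-7f10a0690000 r-xp 00000000 fd:00 1312 /usr/lib64/libssl.so.1.1.1 (deleted)
7f10a0800000-7f10a09b9000 r-xp 00000000 fd:00 1400 /usr/lib64/libc-2.28.so
7f10a0a00000-7f10a0a10000 r-xp 00000000 fd:00 1500 /tmp/scratch.so (deleted)
EOF
}

# scan_procs: apply the same filter to every live process. Unreadable or
# already-exited processes are skipped silently.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(cat "$maps" 2>/dev/null | stale_openssl_maps | tr '\n' ' ')
        if [ -n "$libs" ]; then
            printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$libs"
        fi
    done
}

# Live scan only on request:  sh stale_openssl.sh scan
if [ "${1:-}" = "scan" ]; then
    scan_procs
fi
```

Run it as root with the argument `scan` so every process's maps file is readable; each PID it prints belongs to a service that is still running the pre-update library and needs a restart.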
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation
    1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm
    1668880 - ec man page lists -modulus but the tool doesn't support it
    1686058 - specifying digest for signing time-stamping responses is mandatory
    1686548 - Incorrect handling of fragmented KeyUpdate messages
    1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces
    1697915 - Race/segmentation fault on process shutdown in OpenSSL
    1706104 - openssl asn1parse crashes with double free or corruption (!prev)
    1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random
    1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default
    1714245 - DSA ciphers in TLS don't work with SHA-1 signatures even in LEGACY level
    
    6. Package List:
    
    Red Hat Enterprise Linux BaseOS (v. 8):
    
    Source:
    openssl-1.1.1c-2.el8.src.rpm
    
    aarch64:
    openssl-1.1.1c-2.el8.aarch64.rpm
    openssl-debuginfo-1.1.1c-2.el8.aarch64.rpm
    openssl-debugsource-1.1.1c-2.el8.aarch64.rpm
    openssl-devel-1.1.1c-2.el8.aarch64.rpm
    openssl-libs-1.1.1c-2.el8.aarch64.rpm
    openssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm
    openssl-perl-1.1.1c-2.el8.aarch64.rpm
    
    ppc64le:
    openssl-1.1.1c-2.el8.ppc64le.rpm
    openssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm
    openssl-debugsource-1.1.1c-2.el8.ppc64le.rpm
    openssl-devel-1.1.1c-2.el8.ppc64le.rpm
    openssl-libs-1.1.1c-2.el8.ppc64le.rpm
    openssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm
    openssl-perl-1.1.1c-2.el8.ppc64le.rpm
    
    s390x:
    openssl-1.1.1c-2.el8.s390x.rpm
    openssl-debuginfo-1.1.1c-2.el8.s390x.rpm
    openssl-debugsource-1.1.1c-2.el8.s390x.rpm
    openssl-devel-1.1.1c-2.el8.s390x.rpm
    openssl-libs-1.1.1c-2.el8.s390x.rpm
    openssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm
    openssl-perl-1.1.1c-2.el8.s390x.rpm
    
    x86_64:
    openssl-1.1.1c-2.el8.x86_64.rpm
    openssl-debuginfo-1.1.1c-2.el8.i686.rpm
    openssl-debuginfo-1.1.1c-2.el8.x86_64.rpm
    openssl-debugsource-1.1.1c-2.el8.i686.rpm
    openssl-debugsource-1.1.1c-2.el8.x86_64.rpm
    openssl-devel-1.1.1c-2.el8.i686.rpm
    openssl-devel-1.1.1c-2.el8.x86_64.rpm
    openssl-libs-1.1.1c-2.el8.i686.rpm
    openssl-libs-1.1.1c-2.el8.x86_64.rpm
    openssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm
    openssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm
    openssl-perl-1.1.1c-2.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-0734
    https://access.redhat.com/security/cve/CVE-2018-0735
    https://access.redhat.com/security/cve/CVE-2019-1543
    https://access.redhat.com/security/updates/classification/#low
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    