What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for openssl1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2545-1
Rating:             moderate
References:         #1089039 #1097158 #1097624 #1098592 
Cross-References:   CVE-2018-0732 CVE-2018-0737
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available.

Description:

   This update for openssl1 fixes the following security issues:

   - CVE-2018-0737: The RSA Key generation algorithm has been shown to be
     vulnerable to a cache timing side channel attack. An attacker with
     sufficient access to mount cache timing attacks during the RSA key
     generation process could have recovered the private key (bsc#1089039)
   - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E)
     based ciphersuite a malicious server could have sent a very large prime
     value to the client. This caused the client to spend an unreasonably
     long period of time generating a key for this prime resulting in a hang
     until the client has finished. This could be exploited in a Denial Of
     Service attack (bsc#1097158)
   - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-openssl1-13755=1



Package List:

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):

      libopenssl1-devel-1.0.1g-0.58.12.1
      libopenssl1_0_0-1.0.1g-0.58.12.1
      openssl1-1.0.1g-0.58.12.1
      openssl1-doc-1.0.1g-0.58.12.1

   - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):

      libopenssl1_0_0-32bit-1.0.1g-0.58.12.1

   - SUSE Linux Enterprise Server 11-SECURITY (ia64):

      libopenssl1_0_0-x86-1.0.1g-0.58.12.1


References:

   https://www.suse.com/security/cve/CVE-2018-0732.html
   https://www.suse.com/security/cve/CVE-2018-0737.html
   https://bugzilla.suse.com/1089039
   https://bugzilla.suse.com/1097158
   https://bugzilla.suse.com/1097624
   https://bugzilla.suse.com/1098592

SUSE: 2018:2545-1 moderate: openssl1

August 28, 2018
An update that solves two vulnerabilities and has two fixes is now available

Summary

This update for openssl1 fixes the following security issues: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-13755=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.12.1 libopenssl1_0_0-1.0.1g-0.58.12.1 openssl1-1.0.1g-0.58.12.1 openssl1-doc-1.0.1g-0.58.12.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.12.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.12.1

References

#1089039 #1097158 #1097624 #1098592

Cross- CVE-2018-0732 CVE-2018-0737

Affected Products:

SUSE Linux Enterprise Server 11-SECURITY

https://www.suse.com/security/cve/CVE-2018-0732.html

https://www.suse.com/security/cve/CVE-2018-0737.html

https://bugzilla.suse.com/1089039

https://bugzilla.suse.com/1097158

https://bugzilla.suse.com/1097624

https://bugzilla.suse.com/1098592

Severity
Announcement ID: SUSE-SU-2018:2545-1
Rating: moderate

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo