SUSE: 2019:4583-2 Critical: LibXML2 Buffer Overflow Vulnerability

September 10, 2018
SUSE has released a security update for compat-openssl098.
An update that solves three vulnerabilities and has two fixes is now available.

Summary

This update for compat-openssl098 fixes the following security issues:

- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)
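To illustrate the CVE-2018-0732 description above, the following added example (not code from SUSE or OpenSSL) parses the Diffie-Hellman parameters a TLS server sends (`dh_p`, `dh_g`, `dh_Ys`, each a 2-byte length followed by the value) and rejects an oversized prime before any client key generation starts. The function names and the 10000-bit ceiling are assumptions chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_DH_P_BITS 10000 /* assumed policy ceiling for this example */
enum { DH_OK = 0, DH_MALFORMED = -1, DH_P_TOO_LARGE = -2 };

/* Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then the bytes. */
static int read_vec(const uint8_t *buf, size_t len, size_t *off, const uint8_t **out, size_t *n)
{
    if (len - *off < 2) return -1;
    *n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (*n == 0 || len - *off < *n) return -1; /* empty or truncated vector */
    *out = buf + *off; *off += *n;
    return 0;
}

/* Bit length of a big-endian integer, ignoring leading zero bytes (0 if all zero). */
static size_t bit_length(const uint8_t *p, size_t n)
{
    while (n > 0 && *p == 0) { p++; n--; }
    size_t bits = n * 8;
    for (uint8_t top = n ? *p : 0x80; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Validate ServerDHParams (dh_p, dh_g, dh_Ys) before any key generation runs. */
int check_server_dh_params(const uint8_t *buf, size_t len, size_t *p_bits)
{
    const uint8_t *p, *g, *ys;
    size_t p_len, g_len, ys_len, off = 0;
    if (read_vec(buf, len, &off, &p, &p_len) || read_vec(buf, len, &off, &g, &g_len) ||
        read_vec(buf, len, &off, &ys, &ys_len) || off != len)
        return DH_MALFORMED;
    *p_bits = bit_length(p, p_len);
    if (*p_bits == 0) return DH_MALFORMED; /* p must be non-zero */
    return *p_bits > MAX_DH_P_BITS ? DH_P_TOO_LARGE : DH_OK;
}

int main(void)
{
    /* Constructed input: 2048-byte dh_p (16384 bits), then 1-byte dh_g and dh_Ys. */
    static uint8_t msg[2 + 2048 + 3 + 3] = {0x08, 0x00, 0xff};
    size_t bits = 0;
    msg[2051] = 1; msg[2052] = 2; msg[2054] = 1; msg[2055] = 5;
    int verdict = check_server_dh_params(msg, sizeof msg, &bits);
    printf("verdict=%d dh_p_bits=%zu\n", verdict, bits);
    return 0;
}
```

The check costs only a length comparison, so the client can drop the handshake without performing any modular exponentiation on the attacker-chosen prime.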

References

#1087102 #1089039 #1097158 #1097624 #1098592

Cross-References: CVE-2018-0732 CVE-2018-0737 CVE-2018-0739

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Module for Legacy Software 12

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2018-0732.html

https://www.suse.com/security/cve/CVE-2018-0737.html

https://www.suse.com/security/cve/CVE-2018-0739.html

https://bugzilla.suse.com/1087102

https://bugzilla.suse.com/1089039

https://bugzilla.suse.com/1097158

https://bugzilla.suse.com/1097624

https://bugzilla.suse.com/1098592

Announcement ID: SUSE-SU-2018:2683-1
Rating: moderate
