Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

SUSE Linux 12-SP2: 2018:2928-2 Moderate: OpenSSL Cache Timing Fix

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
SUSE Security Advisory for libcurl Anniversary ID: SUSE-SU-2019:1234-1 addresses critical vulnerabilities.
An update that solves one vulnerability and has 5 fixes is now available

Summary

This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Patch Instructions:

References

#1089039 #1101246 #1101470 #1104789 #1106197

#997043

Cross- CVE-2018-0737

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2018-0737.html

https://bugzilla.suse.com/1089039

https://bugzilla.suse.com/1101246

https://bugzilla.suse.com/1101470

https://bugzilla.suse.com/1104789

https://bugzilla.suse.com/1106197

https://bugzilla.suse.com/997043

Announcement ID: SUSE-SU-2018:2928-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.