Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

SUSE: 2018:3863-1 Moderate: openssl-1_1 Timing Issues Identified

suse
Calendar Grey November 22, 2018
Dist Suse Esm H88
SUSE Security Update for openssl-1_1 addresses timing flaws CVE-2018-0734 and CVE-2018-0735 found in the signature creation process.
An update that fixes two vulnerabilities is now available

Summary

This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2758=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2758=1 Package List:

References

#1113651 #1113652

Cross- CVE-2018-0734 CVE-2018-0735

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-0734.html

https://www.suse.com/security/cve/CVE-2018-0735.html

https://bugzilla.suse.com/1113651

https://bugzilla.suse.com/1113652

Announcement ID: SUSE-SU-2018:3863-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.