Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

SUSE: 2018:3864-1 Moderate Security Update for OpenSSL Issues

suse
Calendar Grey November 22, 2018
Dist Suse Esm H88
SUSE releases patches for openssl to tackle four security vulnerabilities rated as moderate severity, offering detailed instructions for implementation.
An update that solves four vulnerabilities and has two fixes is now available

Summary

This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789). Non-security issues fixed: - Added openssl(cli) so that the packages that required the openssl binary can require this instead of the new openssl meta package (bsc#1101470). Patch Instructions:

References

#1101470 #1104789 #1106197 #1110018 #1113534

#1113652

Cross- CVE-2016-8610 CVE-2018-0734 CVE-2018-0737

CVE-2018-5407

Affected Products:

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2016-8610.html

https://www.suse.com/security/cve/CVE-2018-0734.html

https://www.suse.com/security/cve/CVE-2018-0737.html

https://www.suse.com/security/cve/CVE-2018-5407.html

https://bugzilla.suse.com/1101470

https://bugzilla.suse.com/1104789

https://bugzilla.suse.com/1106197

https://bugzilla.suse.com/1110018

https://bugzilla.suse.com/1113534

https://bugzilla.suse.com/1113652

Announcement ID: SUSE-SU-2018:3864-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.