Explore top 10 tips to secure your open-source projects now. Read More
×
This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
#1100078 #1112209 #1113534 #1113652 #1113742
Cross- CVE-2018-0734 CVE-2018-5407
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
https://www.suse.com/security/cve/CVE-2018-0734.html
https://www.suse.com/security/cve/CVE-2018-5407.html
https://bugzilla.suse.com/1100078
https://bugzilla.suse.com/1112209
https://bugzilla.suse.com/1113534
https://bugzilla.suse.com/1113652
https://bugzilla.suse.com/1113742
Get the latest Linux and open source security news straight to your inbox.