Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

SUSE: 2018:3989-1 Moderate: Opentssl-1_0_0 Timing Attack Fix

suse
Calendar Grey December 5, 2018
Dist Suse Esm H88
This safety notice outlines solutions for a pair of vulnerabilities found in openssl-1_0_0, providing installation guidance tailored for users of SUSE.
An update that solves two vulnerabilities and has three fixes is now available

Summary

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1100078 #1112209 #1113534 #1113652 #1113742

Cross- CVE-2018-0734 CVE-2018-5407

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-0734.html

https://www.suse.com/security/cve/CVE-2018-5407.html

https://bugzilla.suse.com/1100078

https://bugzilla.suse.com/1112209

https://bugzilla.suse.com/1113534

https://bugzilla.suse.com/1113652

https://bugzilla.suse.com/1113742

Announcement ID: SUSE-SU-2018:3989-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.