Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

SUSE: 2018:4001-1 Moderate: OpenSSL Timing Vulnerabilities Resolved

suse
Calendar Grey December 7, 2018
Dist Suse Esm H88
The recent linux kernel-5_4_0 patch by Fedora mitigates significant security concerns and rectifies weaknesses.
An update that solves two vulnerabilities and has three fixes is now available

Summary

This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes "PortSmash" (bsc#1113534). Non-security issues fixed: - Added missing timing side channel patch for DSA signature generation (bsc#1113742). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1100078 #1112209 #1113534 #1113652 #1113742

Cross- CVE-2018-0734 CVE-2018-5407

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Legacy Software 15

https://www.suse.com/security/cve/CVE-2018-0734.html

https://www.suse.com/security/cve/CVE-2018-5407.html

https://bugzilla.suse.com/1100078

https://bugzilla.suse.com/1112209

https://bugzilla.suse.com/1113534

https://bugzilla.suse.com/1113652

https://bugzilla.suse.com/1113742

Announcement ID: SUSE-SU-2018:4001-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.