An update that solves one vulnerability and has 5 fixes is now available.

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2928-2
Rating: moderate
References: #1089039 #1101246 #1101470 #1104789 #1106197 #997043
Cross-References: CVE-2018-0737
Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

Description:

This update for openssl fixes the following issues:

These security issues were fixed:

- Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)

These non-security issues were fixed:

- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)
- Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2069=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

  libopenssl-devel-1.0.2j-60.39.1
  libopenssl1_0_0-1.0.2j-60.39.1
  libopenssl1_0_0-32bit-1.0.2j-60.39.1
  libopenssl1_0_0-debuginfo-1.0.2j-60.39.1
  libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1
  libopenssl1_0_0-hmac-1.0.2j-60.39.1
  libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1
  openssl-1.0.2j-60.39.1
  openssl-debuginfo-1.0.2j-60.39.1
  openssl-debugsource-1.0.2j-60.39.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

  openssl-doc-1.0.2j-60.39.1

References:

  https://www.suse.com/security/cve/CVE-2018-0737.html
  https://bugzilla.suse.com/1089039
  https://bugzilla.suse.com/1101246
  https://bugzilla.suse.com/1101470
  https://bugzilla.suse.com/1104789
  https://bugzilla.suse.com/1106197
  https://bugzilla.suse.com/997043

An update that solves two vulnerabilities and has three fixes is now available.

SUSE Security Update: Security update for openssl-1_0_0
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2965-1
Rating: moderate
References: #1089039 #1097158 #1101470 #1104789 #1106197
Cross-References: CVE-2018-0732 CVE-2018-0737
Affected Products: SUSE Linux Enterprise Module for Legacy Software 15
______________________________________________________________________________

Description:

This update for openssl-1_0_0 to 1.0.2p fixes the following issues:

These security issues were fixed:

- Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)
- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Make problematic ECDSA sign addition length-invariant
- Add blinding to ECDSA and DSA signatures to protect against side channel attacks

This non-security issue was fixed:

- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 15:

  zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2095=1

Package List:

- SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):

  libopenssl-1_0_0-devel-1.0.2p-3.8.1
  libopenssl1_0_0-1.0.2p-3.8.1
  libopenssl1_0_0-debuginfo-1.0.2p-3.8.1
  openssl-1_0_0-1.0.2p-3.8.1
  openssl-1_0_0-debuginfo-1.0.2p-3.8.1
  openssl-1_0_0-debugsource-1.0.2p-3.8.1

References:

  https://www.suse.com/security/cve/CVE-2018-0732.html
  https://www.suse.com/security/cve/CVE-2018-0737.html
  https://bugzilla.suse.com/1089039
  https://bugzilla.suse.com/1097158
  https://bugzilla.suse.com/1101470
  https://bugzilla.suse.com/1104789
  https://bugzilla.suse.com/1106197

An update that solves one vulnerability and has 5 fixes is now available.

openSUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2957-1
Rating: moderate
References: #1089039 #1101246 #1101470 #1104789 #1106197 #997043
Cross-References: CVE-2018-0737
Affected Products: openSUSE Leap 42.3
______________________________________________________________________________

Description:

This update for openssl fixes the following issues:

These security issues were fixed:

- Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)

These non-security issues were fixed:

- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)
- Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-1091=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

  libopenssl-devel-1.0.2j-29.1
  libopenssl1_0_0-1.0.2j-29.1
  libopenssl1_0_0-debuginfo-1.0.2j-29.1
  libopenssl1_0_0-hmac-1.0.2j-29.1
  openssl-1.0.2j-29.1
  openssl-cavs-1.0.2j-29.1
  openssl-cavs-debuginfo-1.0.2j-29.1
  openssl-debuginfo-1.0.2j-29.1
  openssl-debugsource-1.0.2j-29.1

- openSUSE Leap 42.3 (noarch):

  openssl-doc-1.0.2j-29.1

- openSUSE Leap 42.3 (x86_64):

  libopenssl-devel-32bit-1.0.2j-29.1
  libopenssl1_0_0-32bit-1.0.2j-29.1
  libopenssl1_0_0-debuginfo-32bit-1.0.2j-29.1
  libopenssl1_0_0-hmac-32bit-1.0.2j-29.1

References:

  https://www.suse.com/security/cve/CVE-2018-0737.html
  https://bugzilla.suse.com/1089039
  https://bugzilla.suse.com/1101246
  https://bugzilla.suse.com/1101470
  https://bugzilla.suse.com/1104789
  https://bugzilla.suse.com/1106197
  https://bugzilla.suse.com/997043

LinuxSecurity.com Team

MGASA-2018-0365 - Updated openssl packages fix security vulnerabilities

Publication date: 02 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0365.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-0732, CVE-2018-0737

Updated openssl packages fix security vulnerabilities:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (CVE-2018-0732).

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key (CVE-2018-0737).

References:

- https://bugs.mageia.org/show_bug.cgi?id=22934
- https://openssl-library.org/news/secadv/20180416.txt
- https://openwall.com/lists/oss-security/2018/04/16/3
- https://ubuntu.com/security/notices/USN-3692-1
- https://ubuntu.com/security/notices/USN-3628-1
- https://www.cve.org/CVERecord?id=CVE-2018-0732
- https://www.cve.org/CVERecord?id=CVE-2018-0737

SRPMS:

- 6/core/openssl-1.0.2p-1.mga6

An update that solves two vulnerabilities and has two fixes is now available.

SUSE Security Update: Security update for openssl1
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2545-1
Rating: moderate
References: #1089039 #1097158 #1097624 #1098592
Cross-References: CVE-2018-0732 CVE-2018-0737
Affected Products: SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

Description:

This update for openssl1 fixes the following security issues:

- CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)
- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158)
- Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SECURITY:

  zypper in -t patch secsp3-openssl1-13755=1

Package List:

- SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):

  libopenssl1-devel-1.0.1g-0.58.12.1
  libopenssl1_0_0-1.0.1g-0.58.12.1
  openssl1-1.0.1g-0.58.12.1
  openssl1-doc-1.0.1g-0.58.12.1

- SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):

  libopenssl1_0_0-32bit-1.0.1g-0.58.12.1

- SUSE Linux Enterprise Server 11-SECURITY (ia64):

  libopenssl1_0_0-x86-1.0.1g-0.58.12.1

References:

  https://www.suse.com/security/cve/CVE-2018-0732.html
  https://www.suse.com/security/cve/CVE-2018-0737.html
  https://bugzilla.suse.com/1089039
  https://bugzilla.suse.com/1097158
  https://bugzilla.suse.com/1097624
  https://bugzilla.suse.com/1098592

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2492-1
Rating: moderate
References: #1089039
Cross-References: CVE-2018-0737
Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1
                   SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

Description:

This update for openssl fixes the following security issue:

- CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1752=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1752=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

  libopenssl1_0_0-1.0.1i-54.17.1
  libopenssl1_0_0-debuginfo-1.0.1i-54.17.1
  libopenssl1_0_0-hmac-1.0.1i-54.17.1
  openssl-1.0.1i-54.17.1
  openssl-debuginfo-1.0.1i-54.17.1
  openssl-debugsource-1.0.1i-54.17.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  libopenssl1_0_0-32bit-1.0.1i-54.17.1
  libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.17.1
  libopenssl1_0_0-hmac-32bit-1.0.1i-54.17.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

  openssl-doc-1.0.1i-54.17.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

  libopenssl1_0_0-1.0.1i-54.17.1
  libopenssl1_0_0-debuginfo-1.0.1i-54.17.1
  libopenssl1_0_0-hmac-1.0.1i-54.17.1
  openssl-1.0.1i-54.17.1
  openssl-debuginfo-1.0.1i-54.17.1
  openssl-debugsource-1.0.1i-54.17.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

  libopenssl1_0_0-32bit-1.0.1i-54.17.1
  libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.17.1
  libopenssl1_0_0-hmac-32bit-1.0.1i-54.17.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

  openssl-doc-1.0.1i-54.17.1

References:

  https://www.suse.com/security/cve/CVE-2018-0737.html
  https://bugzilla.suse.com/1089039