Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
202
security advisorymoderateupdateopenSUSE 15.6 SUSE-SU-2025:0613-1 moderate: OpenSSL-1_1 Timing Issue
An update that solves one vulnerability and has one security fix can now be installed.. # Security update for openssl-1_1 Announcement ID: SUSE-SU-2025:0613-1 Release Date: 2025-02-21T10:38:08Z Rating: moderate References: * bsc#1236136 * bsc#1236771 Cross-References: * CVE-2024-13176 CVSS scores: * CVE-2024-13176 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-13176 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-13176 ( NVD ): 4.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP6 * Development Tools Module 15-SP6 * Legacy Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: * Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-613=1 openSUSE-SLE-15.6-2025-613=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-613=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-613=1 * Legacy Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-613=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-1.1.1w-150600.5.12.2 *libopenssl1_1-debuginfo-1.1.1w-150600.5.12.2 * openssl-1_1-1.1.1w-150600.5.12.2 * openssl-1_1-debuginfo-1.1.1w-150600.5.12.2 * openssl-1_1-debugsource-1.1.1w-150600.5.12.2 * libopenssl-1_1-devel-1.1.1w-150600.5.12.2 * openSUSE Leap 15.6 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.12.2 * libopenssl1_1-32bit-1.1.1w-150600.5.12.2 * libopenssl-1_1-devel-32bit-1.1.1w-150600.5.12.2 * openSUSE Leap 15.6 (noarch) * openssl-1_1-doc-1.1.1w-150600.5.12.2 * openSUSE Leap 15.6 (aarch64_ilp32) * libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.12.2 * libopenssl1_1-64bit-1.1.1w-150600.5.12.2 * libopenssl-1_1-devel-64bit-1.1.1w-150600.5.12.2 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1w-150600.5.12.2 * libopenssl1_1-1.1.1w-150600.5.12.2 * openssl-1_1-debuginfo-1.1.1w-150600.5.12.2 * openssl-1_1-debugsource-1.1.1w-150600.5.12.2 * Basesystem Module 15-SP6 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.12.2 * libopenssl1_1-32bit-1.1.1w-150600.5.12.2 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1w-150600.5.12.2 * openssl-1_1-debugsource-1.1.1w-150600.5.12.2 * libopenssl-1_1-devel-1.1.1w-150600.5.12.2 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1w-150600.5.12.2 * openssl-1_1-debuginfo-1.1.1w-150600.5.12.2 * openssl-1_1-1.1.1w-150600.5.12.2 ## References: * https://www.suse.com/security/cve/CVE-2024-13176.html * https://bugzilla.suse.com/show_bug.cgi?id=1236136 * https://bugzilla.suse.com/show_bug.cgi?id=1236771 . OpenSSL-1_1 security enhancement on 2025-02-21 resolves timing vulnerabilities and contains an update for SUSE.. OpenSSL Update, SUSE Security Advisory, Timing Side-Channel, Open Source Security, Package Update. . LinuxSecurity.com Team
Feb 21, 2025
OpenSUSE
202
security advisorysecurity fixmoderate issueopenSUSE Leap 15.0: 2018:2592-1 Moderate: libressl Timing Leak
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libressl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:2592-1 Rating: moderate References: #1097779 Cross-References: CVE-2018-12434 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libressl to version 2.8.0 fixes the following issues: Security issues fixed: - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. (boo#1097779) - Reject excessively large primes in DH key generation. Other bugs fixed: - Fixed a pair of 20+ year-old bugs in X509_NAME_add_entry. - Tighten up checks for various X509_VERIFY_PARAM functions, 'poisoning' parameters so that an unverified certificate cannot be used if it fails verification. - Fixed a potential memory leak on failure in ASN1_item_digest. - Fixed a potential memory alignment crash in asn1_item_combine_free. - Removed unused SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER flags in write path, simplifying IO paths. - Removed SSL_OP_TLS_ROLLBACK_BUG buggy client workarounds. - Added const annotations to many existing APIs from OpenSSL, making interoperability easier for downstream applications. - Added a missing bounds check in c2i_ASN1_BIT_STRING. - Removed three remaining single DES cipher suites. - Fixed a potential leak/incorrect return value in DSA signature generation. - Added a blinding value when generating DSA and ECDSA signatures, in order to reduce the possibility of a side-channel attack leaking the private key. - Added ECC constant time scalar multiplication support. - Revised the implementation of RSASSA-PKCS1-v1_5 to match the specification in RFC 8017. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-950=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): libcrypto43-2.8.0-lp150.2.3.1 libcrypto43-debuginfo-2.8.0-lp150.2.3.1 libressl-2.8.0-lp150.2.3.1 libressl-debuginfo-2.8.0-lp150.2.3.1 libressl-debugsource-2.8.0-lp150.2.3.1 libressl-devel-2.8.0-lp150.2.3.1 libssl45-2.8.0-lp150.2.3.1 libssl45-debuginfo-2.8.0-lp150.2.3.1 libtls17-2.8.0-lp150.2.3.1 libtls17-debuginfo-2.8.0-lp150.2.3.1 - openSUSE Leap 15.0 (noarch): libressl-devel-doc-2.8.0-lp150.2.3.1 - openSUSE Leap 15.0 (x86_64): libcrypto43-32bit-2.8.0-lp150.2.3.1 libcrypto43-32bit-debuginfo-2.8.0-lp150.2.3.1 libressl-devel-32bit-2.8.0-lp150.2.3.1 libssl45-32bit-2.8.0-lp150.2.3.1 libssl45-32bit-debuginfo-2.8.0-lp150.2.3.1 libtls17-32bit-2.8.0-lp150.2.3.1 libtls17-32bit-debuginfo-2.8.0-lp150.2.3.1 References: https://www.suse.com/security/cve/CVE-2018-12434.html https://bugzilla.suse.com/1097779 -- . A patch for libressl in openSUSE Leap 15.0 resolved a moderate vulnerability, improving general security and system robustness.. libressl Update, openSUSE Security, Timing Leak Fix, Security Patch, Moderate Issue. . LinuxSecurity.com Team
Sep 03, 2018
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!