SUSE-SU-2019:2561-1

UNKNOWN

Security update for openssl-1_0_0

Published Oct 4, 2019

Modified 6 years ago

Fix available

Details

This update for openssl-1_0_0 fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)

In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291).

Affected Packages

libopenssl1_0_0

SUSE Enterprise Storage 6SUSE Linux Enterprise Module for Legacy 15SUSE Linux Enterprise Module for Legacy 15 SP1

Fixed in:

1.0.2p-3.22.1

openssl-1_0_0

SUSE Enterprise Storage 6SUSE Linux Enterprise Module for Legacy 15SUSE Linux Enterprise Module for Legacy 15 SP1

Fixed in:

1.0.2p-3.22.1

libopenssl-1_0_0-devel

SUSE Linux Enterprise Module for Legacy 15SUSE Linux Enterprise Module for Legacy 15 SP1

Fixed in:

1.0.2p-3.22.1

References

Upstream

Ecosystems

Timeline

PublishedOct 4, 2019

ModifiedOct 4, 2019

SUSE-SU-2019:2561-1 | Mondoo Vulnerability Intelligence