Lucene search

K
suseSuseOPENSUSE-SU-2019:1175-1
HistoryApr 08, 2019 - 12:00 a.m.

Security update for openssl (moderate)

2019-04-0800:00:00
lists.opensuse.org
76

EPSS

0.01

Percentile

83.8%

An update that solves one vulnerability and has three fixes
is now available.

Description:

This update for openssl fixes the following issues:

Security issues fixed:

  • The 9 Lives of Bleichenbacher’s CAT: Cache Attacks on TLS
    Implementations (bsc#1117951)
  • CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under
    certain circumstances a TLS server can be forced to respond differently
    to a client and lead to the decryption of the data (bsc#1127080).

Other issues addressed:

  • Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl
    (bsc#1113975).
  • Set TLS version to 0 in msg_callback for record messages to avoid
    confusing applications (bsc#1100078).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2019-1175=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3i586< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.i586.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.x86_64.rpm
openSUSE Leap42.3noarch< - openSUSE Leap 42.3 (noarch):- openSUSE Leap 42.3 (noarch):.noarch.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (x86_64):- openSUSE Leap 42.3 (x86_64):.x86_64.rpm