Researchers from the University of Stanford have discovered certain weaknesses in OpenSSL’s RSA decryption algorithm. It allows remote attackers to compute the private RSA key of a server by observing its timing behavior. This bug has been fixed by enabling “RSA blinding”, by default. Additionally an extension of the “Bleichenbacher attack” has been developed by Czech researchers against OpenSSL. This weakness has also been fixed.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 8.2 | i586 | openssl-devel | < 0.9.6i-12 | openssl-devel-0.9.6i-12.i586.rpm |
openSUSE | 7.3 | ppc | openssl | < 0.9.6b-150 | openssl-0.9.6b-150.ppc.rpm |
openSUSE | 7.3 | i386 | openssl-devel | < 0.9.6b-156 | openssl-devel-0.9.6b-156.i386.rpm |
openSUSE | 7.3 | sparc | openssl | < 0.9.6b-89 | openssl-0.9.6b-89.sparc.rpm |
openSUSE | 8.1 | i586 | openssl-devel | < 0.9.6g-68 | openssl-devel-0.9.6g-68.i586.rpm |
openSUSE | 7.3 | ppc | openssl-devel | < 0.9.6b-150 | openssl-devel-0.9.6b-150.ppc.rpm |
openSUSE | 8.2 | i586 | openssl | < 0.9.6i-12 | openssl-0.9.6i-12.i586.rpm |
openSUSE | 7.1 | i386 | openssl-devel | < 0.9.6a-81 | openssl-devel-0.9.6a-81.i386.rpm |
openSUSE | 7.1 | ppc | openssl-devel | < 0.9.6a-31 | openssl-devel-0.9.6a-31.ppc.rpm |
openSUSE | 8.0 | i386 | openssl-devel | < 0.9.6c-85 | openssl-devel-0.9.6c-85.i386.rpm |