openSUSE Build Service

Security update for openssl

This update for openssl fixes the following issues:

These security issues were fixed:

- Prevent One&Done side-channel attack on RSA that allowed physically near
attackers to use EM emanations to recover information (bsc#1104789)
- CVE-2018-0737: The RSA Key generation algorithm has been shown to be
vulnerable to a cache timing side channel attack. An attacker with sufficient
access to mount cache timing attacks during the RSA key generation process
could have recovered the private key (bsc#1089039)

These non-security issues were fixed:

- Add openssl(cli) Provide so the packages that require the openssl
binary can require this instead of the new openssl meta package
(bsc#1101470)
- Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246,
bsc#997043)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Submitted by Vítězslav Čížek (vitezslav_cizek)

Fixed bugs

bnc#1106197

[FIPS][Build 0365] openQA test fails in openssl_pubkey_rsa and generating RSA private key fail

bnc#997043

SLES 12 SP2 RC2 - Relocate /usr/lib64/engines/libibmpkcs11 files to /lib64/engines/ in openssl-ibmpkcs11-1.0.0-9.2.s390x package

bnc#1104789

VUL-1: openssl,openssl1,openssl-1_1,openssl-1_0_2: side channel attack in exponentation "'One and Done" attack

bnc#1089039

VUL-1: CVE-2018-0737: openssl side channel attacks against RSA keygeneration

bnc#1101246

openssl: pkg-config enginesdir returns wrong directory, breaks openssl_tpm_engine

bnc#1101470

OpenSSL 1.0 command line interface cannot be installed without removing essential packages

CVE-2018-0737

Places

Fixed bugs

Selected Binaries

Places