openssl: security update
This update of openssl fixes a timing attack. This attack
can be used to obtain the private key of a TLS server
whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2
Base Score: 4.3 (important) (AV:N/AC:M/Au:N/C:P/I:N/A:N):
Cryptographic Issues (CWE-310)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4669
Fixed bugs
bnc#693027
VUL-0: openssl timing attacks
CVE#CVE-2011-1945
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easi
