Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues:
- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based
ciphersuite a malicious server could have sent a very large prime value to the
client. This caused the client to spend an unreasonably long period of time
generating a key for this prime resulting in a hang until the client has
finished. This could be exploited in a Denial Of Service attack (bsc#1097158).
- Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Simon Lees (simotek)
Fixed bugs
bnc#1097158
VUL-0: CVE-2018-0732: openssl1,openssl,compat-openssl098: Reject excessively large primes in DH key generation.
bnc#1097624
VUL-1: openssl,openssl1,openssl-1_1,openssl-1_0_2: blinding enhancements for ECDSA
bnc#1098592
VUL-1: openssl,openssl1,openssl-1_1,openssl-1_0_2: blinding enhancements for DSA
