Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues:
OpenSSL Security Advisory [10 September 2019]
* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)
In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1131291
VUL-0: openssl: elliptic curve bypass issue (VU#871675)
bnc#1150250
VUL-1: CVE-2019-1563: openssl,openssl1,openssl-1_0_0,openssl-1_1,compat-openssl097g,compat-openssl098: bleichenbacher attack against cms/pkcs7 encryptioon transported key
bnc#1150003
VUL-0: CVE-2019-1547: openssl: EC_GROUP_set_generator side channel attack avoidance
