Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for libressl

This update for libressl to version 2.5.1 fixes the following issues:

These security issues were fixed:

- CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050).
- CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334).

These non-security issues were fixed:

- Detect zero-length encrypted session data early
- Curve25519 Key Exchange support.
- Support for alternate chains for certificate verification.
- Added EVP interface for MD5+SHA1 hashes
- Fixed DTLS client failures when the server sends a certificate request.
- Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection.
- Allowed protocols and ciphers to be set on a TLS config object in libtls.

Fixed bugs
bnc#1019334
VUL-1: CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery
bnc#968050
VUL-1: CVE-2016-0702: openssl: Side channel attack on modular exponentiation "CacheBleed"
CVE-2016-0702
CVE-2016-7056
Selected Binaries
openSUSE Build Service is sponsored by
Places