Security update for openssl
This update for openssl fixes the following issues:
Security issues fixed:
- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- Add missing timing side channel patch for DSA signature generation (bsc#1113742).
Non-security issues fixed:
- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Vítězslav Čížek (vitezslav_cizek)
Fixed bugs
bnc#1112209
openssl-1_1 - hangs generating DSA key
bnc#1113652
VUL-1: CVE-2018-0734: openssl,openssl1,openssl-1_1,openssl-1_0_0,compat-openssl098: Timing vulnerability in DSA signature generation
bnc#1113534
VUL-0: CVE-2018-5407: Hyperthread port content side channel aka "PortSmash"
bnc#1113742
VUL-1: openssl: missing timing side channel patch for DSA signature generation
