File _patchinfo of Package patchinfo.13614
<patchinfo incident="13614">
<issue tracker="bnc" id="1140277">ship a parallel installable openssl command line tool for 1.1</issue>
<issue tracker="bnc" id="1133925">Tracker bug for SLE-6430</issue>
<issue tracker="bnc" id="1150250">VUL-1: CVE-2019-1563: openssl,openssl1,openssl-1_0_0,openssl-1_1,compat-openssl097g,compat-openssl098: bleichenbacher attack against cms/pkcs7 encryptioon transported key</issue>
<issue tracker="bnc" id="1158809">VUL-1: CVE-2019-1551: openssl: Integer overflow in RSAZ modular exponentiation on x86_64</issue>
<issue tracker="bnc" id="1150247">VUL-0: CVE-2019-1549: openssl-1_1: fork problem with random generator</issue>
<issue tracker="bnc" id="1150003">VUL-0: CVE-2019-1547: openssl: EC_GROUP_set_generator side channel attack avoidance</issue>
<issue tracker="cve" id="2019-1551"/>
<issue tracker="cve" id="2019-1547"/>
<issue tracker="cve" id="2019-1563"/>
<issue tracker="cve" id="2019-1549"/>
<issue tracker="jsc" id="SLE-6430"/>
<packager>pmonrealgonzalez</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for openssl-1_1</summary>
<description>This update for openssl-1_1 fixes the following issues:
Security issue fixed:
- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).
- CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key (bsc#1150250).
- CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809).
- CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247).
- CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
Bug fixes:
- Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277).
- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430).
</description>
</patchinfo>
