Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Update
patchinfo.6709
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.6709
<patchinfo incident="6709"> <issue id="1019334" tracker="bnc">VUL-1: CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery</issue> <issue id="968050" tracker="bnc">VUL-1: CVE-2016-0702: openssl: Side channel attack on modular exponentiation "CacheBleed"</issue> <issue id="2016-0702" tracker="cve" /> <issue id="2016-7056" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>jengelh</packager> <description> This update for libressl to version 2.5.1 fixes the following issues: These security issues were fixed: - CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050). - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334). These non-security issues were fixed: - Detect zero-length encrypted session data early - Curve25519 Key Exchange support. - Support for alternate chains for certificate verification. - Added EVP interface for MD5+SHA1 hashes - Fixed DTLS client failures when the server sends a certificate request. - Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. - Allowed protocols and ciphers to be set on a TLS config object in libtls. </description> <summary>Security update for libressl</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor