Oval Definition:oval:org.opensuse.security:def:56230
Revision Date:2020-12-01Version:1
Title:Security update for openssl (Important)
Description:

This update for openssl fixes the following issues:

- OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \'error state\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905) * CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)
Family:unixClass:patch
Status:Reference(s):1012382
1015119
1033447
1033448
1037559
1047118
1047626
1063671
1064392
1066471
1066472
1068032
1070623
1071905
1071906
1073246
1073311
1073792
1073874
1074709
1075091
1075411
1075908
1075994
1076017
1076110
1076154
1076278
1077182
1077355
1077560
1077922
1081317
1160467
1160468
578053
884828
884830
893777
893949
902893
946148
951638
952539
954592
956631
966435
966436
CVE-2002-2443
CVE-2007-4772
CVE-2007-6600
CVE-2009-0035
CVE-2009-0844
CVE-2009-0845
CVE-2009-0846
CVE-2009-0847
CVE-2009-3295
CVE-2009-4034
CVE-2009-4136
CVE-2009-4212
CVE-2010-0283
CVE-2010-0628
CVE-2010-1169
CVE-2010-1170
CVE-2010-1320
CVE-2010-1321
CVE-2010-1322
CVE-2010-1323
CVE-2010-1324
CVE-2010-3433
CVE-2010-4020
CVE-2010-4021
CVE-2010-4022
CVE-2011-0281
CVE-2011-0282
CVE-2011-0284
CVE-2011-0285
CVE-2011-1527
CVE-2011-1528
CVE-2011-1529
CVE-2011-1530
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
CVE-2012-1012
CVE-2012-1013
CVE-2012-1016
CVE-2012-2143
CVE-2012-2451
CVE-2012-2655
CVE-2012-3488
CVE-2012-3489
CVE-2012-4453
CVE-2013-0156
CVE-2013-0255
CVE-2013-1415
CVE-2013-1417
CVE-2013-1418
CVE-2013-1899
CVE-2013-1900
CVE-2013-1901
CVE-2013-1990
CVE-2013-1999
CVE-2014-0011
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066
CVE-2014-0067
CVE-2014-4341
CVE-2014-4342
CVE-2014-4343
CVE-2014-4344
CVE-2014-4345
CVE-2014-5351
CVE-2014-5352
CVE-2014-5353
CVE-2014-5354
CVE-2014-5355
CVE-2014-8240
CVE-2014-9421
CVE-2014-9422
CVE-2014-9423
CVE-2015-0255
CVE-2015-1142857
CVE-2015-2694
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-2698
CVE-2015-3165
CVE-2015-3166
CVE-2015-3167
CVE-2015-5288
CVE-2015-5289
CVE-2015-8370
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
CVE-2016-0766
CVE-2016-0773
CVE-2016-3119
CVE-2016-3120
CVE-2016-8745
CVE-2017-13080
CVE-2017-13215
CVE-2017-15649
CVE-2017-17741
CVE-2017-17805
CVE-2017-17806
CVE-2017-18079
CVE-2017-3737
CVE-2017-3738
CVE-2017-5647
CVE-2017-5648
CVE-2017-5715
CVE-2017-8779
CVE-2018-1000004
CVE-2019-14896
CVE-2019-14897
SUSE-SU-2015:2385-1
SUSE-SU-2016:0555-1
SUSE-SU-2017:1314-1
SUSE-SU-2017:1382-1
SUSE-SU-2017:3130-1
SUSE-SU-2017:3343-1
SUSE-SU-2018:0525-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND dnsmasq-2.78-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • nodejs10-10.16.0-lp151.2.3 is installed
  • OR nodejs10-devel-10.16.0-lp151.2.3 is installed
  • OR nodejs10-docs-10.16.0-lp151.2.3 is installed
  • OR npm10-10.16.0-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • grub2-2.00-0.54 is installed
  • OR grub2-x86_64-efi-2.00-0.54 is installed
  • OR grub2-x86_64-xen-2.00-0.54 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.20 is installed
  • OR libopenssl1_0_0-1.0.2j-60.20 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.20 is installed
  • OR openssl-1.0.2j-60.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR alsa-docs-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_67-60_64_18-default-12-2 is installed
  • OR kgraft-patch-3_12_67-60_64_18-xen-12-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_9-12-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • krb5-1.12.5-39 is installed
  • OR krb5-32bit-1.12.5-39 is installed
  • OR krb5-client-1.12.5-39 is installed
  • OR krb5-doc-1.12.5-39 is installed
  • OR krb5-plugin-kdb-ldap-1.12.5-39 is installed
  • OR krb5-plugin-preauth-otp-1.12.5-39 is installed
  • OR krb5-plugin-preauth-pkinit-1.12.5-39 is installed
  • OR krb5-server-1.12.5-39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • freeradius-server-3.0.3-17.12 is installed
  • OR freeradius-server-doc-3.0.3-17.12 is installed
  • OR freeradius-server-krb5-3.0.3-17.12 is installed
  • OR freeradius-server-ldap-3.0.3-17.12 is installed
  • OR freeradius-server-libs-3.0.3-17.12 is installed
  • OR freeradius-server-mysql-3.0.3-17.12 is installed
  • OR freeradius-server-perl-3.0.3-17.12 is installed
  • OR freeradius-server-postgresql-3.0.3-17.12 is installed
  • OR freeradius-server-python-3.0.3-17.12 is installed
  • OR freeradius-server-sqlite-3.0.3-17.12 is installed
  • OR freeradius-server-utils-3.0.3-17.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.46 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.46 is installed
  • OR openssl-1.0.2j-60.46 is installed
  • OR openssl-doc-1.0.2j-60.46 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kernel-firmware-20170530-21.22 is installed
  • OR ucode-amd-20170530-21.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libsnmp30-5.7.3-4 is installed
  • OR libsnmp30-32bit-5.7.3-4 is installed
  • OR net-snmp-5.7.3-4 is installed
  • OR perl-SNMP-5.7.3-4 is installed
  • OR snmp-mibs-5.7.3-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND libzip2-0.11.1-13.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-extlib-0.9.16-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ucode-intel-20200602-13.68 is installed
    • BACK