Security update for libressl
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:0409-1
Final
1
1
2017-02-07T07:32:51Z
current
2017-02-07T07:32:51Z
2017-02-07T07:32:51Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for libressl fixes the following issues:
- CVE-2016-7056: Difficult-to-execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2017-02/msg00038.html
E-Mail link for openSUSE-SU-2017:0409-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.1
openSUSE Leap 42.2
libcrypto36-2.3.0-10.1
libcrypto36-32bit-2.3.0-10.1
libcrypto37-2.3.4-3.1
libcrypto37-32bit-2.3.4-3.1
libressl-2.3.4-3.1
libressl-devel-2.3.4-3.1
libressl-devel-32bit-2.3.4-3.1
libressl-devel-doc-2.3.4-3.1
libssl37-2.3.0-10.1
libssl37-32bit-2.3.0-10.1
libssl38-2.3.4-3.1
libssl38-32bit-2.3.4-3.1
libtls10-2.3.4-3.1
libtls10-32bit-2.3.4-3.1
libtls9-2.3.0-10.1
libtls9-32bit-2.3.0-10.1
libcrypto36-2.3.0-10.1 as a component of openSUSE Leap 42.1
libcrypto36-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.1
libcrypto37-2.3.4-3.1 as a component of openSUSE Leap 42.1
libcrypto37-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1
libressl-2.3.4-3.1 as a component of openSUSE Leap 42.1
libressl-devel-2.3.4-3.1 as a component of openSUSE Leap 42.1
libressl-devel-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1
libressl-devel-doc-2.3.4-3.1 as a component of openSUSE Leap 42.1
libssl37-2.3.0-10.1 as a component of openSUSE Leap 42.1
libssl37-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.1
libssl38-2.3.4-3.1 as a component of openSUSE Leap 42.1
libssl38-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1
libtls10-2.3.4-3.1 as a component of openSUSE Leap 42.1
libtls10-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1
libtls9-2.3.0-10.1 as a component of openSUSE Leap 42.1
libtls9-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.1
libcrypto36-2.3.0-10.1 as a component of openSUSE Leap 42.2
libcrypto36-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.2
libcrypto37-2.3.4-3.1 as a component of openSUSE Leap 42.2
libcrypto37-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2
libressl-2.3.4-3.1 as a component of openSUSE Leap 42.2
libressl-devel-2.3.4-3.1 as a component of openSUSE Leap 42.2
libressl-devel-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2
libressl-devel-doc-2.3.4-3.1 as a component of openSUSE Leap 42.2
libssl37-2.3.0-10.1 as a component of openSUSE Leap 42.2
libssl37-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.2
libssl38-2.3.4-3.1 as a component of openSUSE Leap 42.2
libssl38-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2
libtls10-2.3.4-3.1 as a component of openSUSE Leap 42.2
libtls10-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2
libtls9-2.3.0-10.1 as a component of openSUSE Leap 42.2
libtls9-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.2
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2016-7056
openSUSE Leap 42.1:libcrypto36-2.3.0-10.1
openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-10.1
openSUSE Leap 42.1:libcrypto37-2.3.4-3.1
openSUSE Leap 42.1:libcrypto37-32bit-2.3.4-3.1
openSUSE Leap 42.1:libressl-2.3.4-3.1
openSUSE Leap 42.1:libressl-devel-2.3.4-3.1
openSUSE Leap 42.1:libressl-devel-32bit-2.3.4-3.1
openSUSE Leap 42.1:libressl-devel-doc-2.3.4-3.1
openSUSE Leap 42.1:libssl37-2.3.0-10.1
openSUSE Leap 42.1:libssl37-32bit-2.3.0-10.1
openSUSE Leap 42.1:libssl38-2.3.4-3.1
openSUSE Leap 42.1:libssl38-32bit-2.3.4-3.1
openSUSE Leap 42.1:libtls10-2.3.4-3.1
openSUSE Leap 42.1:libtls10-32bit-2.3.4-3.1
openSUSE Leap 42.1:libtls9-2.3.0-10.1
openSUSE Leap 42.1:libtls9-32bit-2.3.0-10.1
openSUSE Leap 42.2:libcrypto36-2.3.0-10.1
openSUSE Leap 42.2:libcrypto36-32bit-2.3.0-10.1
openSUSE Leap 42.2:libcrypto37-2.3.4-3.1
openSUSE Leap 42.2:libcrypto37-32bit-2.3.4-3.1
openSUSE Leap 42.2:libressl-2.3.4-3.1
openSUSE Leap 42.2:libressl-devel-2.3.4-3.1
openSUSE Leap 42.2:libressl-devel-32bit-2.3.4-3.1
openSUSE Leap 42.2:libressl-devel-doc-2.3.4-3.1
openSUSE Leap 42.2:libssl37-2.3.0-10.1
openSUSE Leap 42.2:libssl37-32bit-2.3.0-10.1
openSUSE Leap 42.2:libssl38-2.3.4-3.1
openSUSE Leap 42.2:libssl38-32bit-2.3.4-3.1
openSUSE Leap 42.2:libtls10-2.3.4-3.1
openSUSE Leap 42.2:libtls10-32bit-2.3.4-3.1
openSUSE Leap 42.2:libtls9-2.3.0-10.1
openSUSE Leap 42.2:libtls9-32bit-2.3.0-10.1
moderate
4.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
Please install the update.
https://lists.opensuse.org/opensuse-updates/2017-02/msg00038.html
https://www.suse.com/security/cve/CVE-2016-7056.html
CVE-2016-7056
https://bugzilla.suse.com/1005878
SUSE Bug 1005878
https://bugzilla.suse.com/1018910
SUSE Bug 1018910
https://bugzilla.suse.com/1019334
SUSE Bug 1019334