Synopsis: Moderate: openssl security, bug fix, and enhancement
Advisory ID: SLSA-2018:3221-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-0739
CVE-2017-3735
CVE-2018-0737
CVE-2018-0732
CVE-2018-0495
—
Security Fix(es):
* openssl: ROHNP – Key Extraction Side Channel in Multiple Crypto
Libraries (CVE-2018-0495)
* openssl: Malicious server can send large prime to client during DH(E)
TLS handshake causing the client to hang (CVE-2018-0732)
* openssl: Handling of crafted recursive ASN.1 structures can cause a
stack overflow and resulting denial of service (CVE-2018-0739)
* openssl: Malformed X.509 IPAdressFamily could cause OOB read
(CVE-2017-3735)
* openssl: RSA key generation cache timing vulnerability in
crypto/rsa/rsa_gen.c allows attackers to recover private keys
(CVE-2018-0737)
—
SL7
x86_64
openssl-1.0.2k-16.el7.x86_64.rpm
openssl-debuginfo-1.0.2k-16.el7.i686.rpm
openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm
openssl-libs-1.0.2k-16.el7.i686.rpm
openssl-libs-1.0.2k-16.el7.x86_64.rpm
openssl-devel-1.0.2k-16.el7.i686.rpm
openssl-devel-1.0.2k-16.el7.x86_64.rpm
openssl-perl-1.0.2k-16.el7.x86_64.rpm
openssl-static-1.0.2k-16.el7.i686.rpm
openssl-static-1.0.2k-16.el7.x86_64.rpm
– Scientific Linux Development Team
