rpm package
suse/openssl-1_1&distro=SUSE Linux Enterprise Server 12 SP4
pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-1967 | — | < 1.1.1d-2.23.1 | 1.1.1d-2.23.1 | Apr 21, 2020 | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognise | ||
| CVE-2019-1551 | — | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Dec 6, 2019 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult | ||
| CVE-2019-1563 | — | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Sep 10, 2019 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th | ||
| CVE-2019-1549 | — | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Sep 10, 2019 | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in | ||
| CVE-2019-1547 | — | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Sep 10, 2019 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g | ||
| CVE-2019-1543 | — | < 1.1.1-2.9.1 | 1.1.1-2.9.1 | Mar 6, 2019 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 byt | ||
| CVE-2018-0734 | — | < 1.1.1-2.3.1 | 1.1.1-2.3.1 | Oct 30, 2018 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi | ||
| CVE-2018-0735 | — | < 1.1.1-2.3.1 | 1.1.1-2.3.1 | Oct 29, 2018 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). |
- CVE-2020-1967Apr 21, 2020affected < 1.1.1d-2.23.1fixed 1.1.1d-2.23.1
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognise
- CVE-2019-1551Dec 6, 2019affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult
- CVE-2019-1563Sep 10, 2019affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th
- CVE-2019-1549Sep 10, 2019affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in
- CVE-2019-1547Sep 10, 2019affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g
- CVE-2019-1543Mar 6, 2019affected < 1.1.1-2.9.1fixed 1.1.1-2.9.1
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 byt
- CVE-2018-0734Oct 30, 2018affected < 1.1.1-2.3.1fixed 1.1.1-2.3.1
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi
- CVE-2018-0735Oct 29, 2018affected < 1.1.1-2.3.1fixed 1.1.1-2.3.1
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).