Security update for libressl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0409-1 Final 1 1 2017-02-07T07:32:51Z current 2017-02-07T07:32:51Z 2017-02-07T07:32:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libressl This update for libressl fixes the following issues: - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-02/msg00038.html E-Mail link for openSUSE-SU-2017:0409-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 libcrypto36-2.3.0-10.1 libcrypto36-32bit-2.3.0-10.1 libcrypto37-2.3.4-3.1 libcrypto37-32bit-2.3.4-3.1 libressl-2.3.4-3.1 libressl-devel-2.3.4-3.1 libressl-devel-32bit-2.3.4-3.1 libressl-devel-doc-2.3.4-3.1 libssl37-2.3.0-10.1 libssl37-32bit-2.3.0-10.1 libssl38-2.3.4-3.1 libssl38-32bit-2.3.4-3.1 libtls10-2.3.4-3.1 libtls10-32bit-2.3.4-3.1 libtls9-2.3.0-10.1 libtls9-32bit-2.3.0-10.1 libcrypto36-2.3.0-10.1 as a component of openSUSE Leap 42.1 libcrypto36-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.1 libcrypto37-2.3.4-3.1 as a component of openSUSE Leap 42.1 libcrypto37-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1 libressl-2.3.4-3.1 as a component of openSUSE Leap 42.1 libressl-devel-2.3.4-3.1 as a component of openSUSE Leap 42.1 libressl-devel-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1 libressl-devel-doc-2.3.4-3.1 as a component of openSUSE Leap 42.1 libssl37-2.3.0-10.1 as a component of openSUSE Leap 42.1 libssl37-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.1 libssl38-2.3.4-3.1 as a component of openSUSE Leap 42.1 libssl38-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1 libtls10-2.3.4-3.1 as a component of openSUSE Leap 42.1 libtls10-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.1 libtls9-2.3.0-10.1 as a component of openSUSE Leap 42.1 libtls9-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.1 libcrypto36-2.3.0-10.1 as a component of openSUSE Leap 42.2 libcrypto36-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.2 libcrypto37-2.3.4-3.1 as a component of openSUSE Leap 42.2 libcrypto37-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2 libressl-2.3.4-3.1 as a component of openSUSE Leap 42.2 libressl-devel-2.3.4-3.1 as a component of openSUSE Leap 42.2 libressl-devel-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2 libressl-devel-doc-2.3.4-3.1 as a component of openSUSE Leap 42.2 libssl37-2.3.0-10.1 as a component of openSUSE Leap 42.2 libssl37-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.2 libssl38-2.3.4-3.1 as a component of openSUSE Leap 42.2 libssl38-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2 libtls10-2.3.4-3.1 as a component of openSUSE Leap 42.2 libtls10-32bit-2.3.4-3.1 as a component of openSUSE Leap 42.2 libtls9-2.3.0-10.1 as a component of openSUSE Leap 42.2 libtls9-32bit-2.3.0-10.1 as a component of openSUSE Leap 42.2 A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-7056 openSUSE Leap 42.1:libcrypto36-2.3.0-10.1 openSUSE Leap 42.1:libcrypto36-32bit-2.3.0-10.1 openSUSE Leap 42.1:libcrypto37-2.3.4-3.1 openSUSE Leap 42.1:libcrypto37-32bit-2.3.4-3.1 openSUSE Leap 42.1:libressl-2.3.4-3.1 openSUSE Leap 42.1:libressl-devel-2.3.4-3.1 openSUSE Leap 42.1:libressl-devel-32bit-2.3.4-3.1 openSUSE Leap 42.1:libressl-devel-doc-2.3.4-3.1 openSUSE Leap 42.1:libssl37-2.3.0-10.1 openSUSE Leap 42.1:libssl37-32bit-2.3.0-10.1 openSUSE Leap 42.1:libssl38-2.3.4-3.1 openSUSE Leap 42.1:libssl38-32bit-2.3.4-3.1 openSUSE Leap 42.1:libtls10-2.3.4-3.1 openSUSE Leap 42.1:libtls10-32bit-2.3.4-3.1 openSUSE Leap 42.1:libtls9-2.3.0-10.1 openSUSE Leap 42.1:libtls9-32bit-2.3.0-10.1 openSUSE Leap 42.2:libcrypto36-2.3.0-10.1 openSUSE Leap 42.2:libcrypto36-32bit-2.3.0-10.1 openSUSE Leap 42.2:libcrypto37-2.3.4-3.1 openSUSE Leap 42.2:libcrypto37-32bit-2.3.4-3.1 openSUSE Leap 42.2:libressl-2.3.4-3.1 openSUSE Leap 42.2:libressl-devel-2.3.4-3.1 openSUSE Leap 42.2:libressl-devel-32bit-2.3.4-3.1 openSUSE Leap 42.2:libressl-devel-doc-2.3.4-3.1 openSUSE Leap 42.2:libssl37-2.3.0-10.1 openSUSE Leap 42.2:libssl37-32bit-2.3.0-10.1 openSUSE Leap 42.2:libssl38-2.3.4-3.1 openSUSE Leap 42.2:libssl38-32bit-2.3.4-3.1 openSUSE Leap 42.2:libtls10-2.3.4-3.1 openSUSE Leap 42.2:libtls10-32bit-2.3.4-3.1 openSUSE Leap 42.2:libtls9-2.3.0-10.1 openSUSE Leap 42.2:libtls9-32bit-2.3.0-10.1 moderate 4.9 AV:L/AC:L/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00038.html https://www.suse.com/security/cve/CVE-2016-7056.html CVE-2016-7056 https://bugzilla.suse.com/1005878 SUSE Bug 1005878 https://bugzilla.suse.com/1018910 SUSE Bug 1018910 https://bugzilla.suse.com/1019334 SUSE Bug 1019334