Security update for openssl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:0474-1 Final 1 1 2020-02-25T12:24:41Z current 2020-02-25T12:24:41Z 2020-02-25T12:24:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssl This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/nginx-ingress-controller:beta1-2020-474,Container suse/sles12sp3:latest-2020-474,HPE-Helion-OpenStack-8-2020-474,SUSE-2020-474,SUSE-OpenStack-Cloud-7-2020-474,SUSE-OpenStack-Cloud-8-2020-474,SUSE-OpenStack-Cloud-Crowbar-8-2020-474,SUSE-SLE-SAP-12-SP2-2020-474,SUSE-SLE-SAP-12-SP3-2020-474,SUSE-SLE-SERVER-12-SP2-2020-474,SUSE-SLE-SERVER-12-SP2-BCL-2020-474,SUSE-SLE-SERVER-12-SP3-2020-474,SUSE-SLE-SERVER-12-SP3-BCL-2020-474,SUSE-Storage-5-2020-474 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20200474-1/ Link for SUSE-SU-2020:0474-1 https://lists.suse.com/pipermail/sle-security-updates/2020-February/006529.html E-Mail link for SUSE-SU-2020:0474-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1117951 SUSE Bug 1117951 https://bugzilla.suse.com/1158809 SUSE Bug 1158809 https://bugzilla.suse.com/1160163 SUSE Bug 1160163 https://www.suse.com/security/cve/CVE-2019-1551/ SUSE CVE CVE-2019-1551 page Container caasp/v4/nginx-ingress-controller:beta1 Container suse/sles12sp3:latest HPE Helion OpenStack 8 SUSE Enterprise Storage 5 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-1.0.2j-60.60.1 openssl-1.0.2j-60.60.1 libopenssl-devel-1.0.2j-60.60.1 libopenssl1_0_0-32bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-1.0.2j-60.60.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 openssl-doc-1.0.2j-60.60.1 libopenssl-devel-32bit-1.0.2j-60.60.1 libopenssl-devel-64bit-1.0.2j-60.60.1 libopenssl1_0_0-64bit-1.0.2j-60.60.1 libopenssl1_0_0-hmac-64bit-1.0.2j-60.60.1 openssl-cavs-1.0.2j-60.60.1 libopenssl1_0_0-1.0.2j-60.60.1 as a component of Container caasp/v4/nginx-ingress-controller:beta1 openssl-1.0.2j-60.60.1 as a component of Container caasp/v4/nginx-ingress-controller:beta1 libopenssl1_0_0-1.0.2j-60.60.1 as a component of Container suse/sles12sp3:latest openssl-1.0.2j-60.60.1 as a component of Container suse/sles12sp3:latest libopenssl-devel-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 openssl-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 openssl-doc-1.0.2j-60.60.1 as a component of HPE Helion OpenStack 8 libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 openssl-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 openssl-doc-1.0.2j-60.60.1 as a component of SUSE Enterprise Storage 5 libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL openssl-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL openssl-doc-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS openssl-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS openssl-doc-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL openssl-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL openssl-doc-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS openssl-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS openssl-doc-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 openssl-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 openssl-doc-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openssl-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openssl-doc-1.0.2j-60.60.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 openssl-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 openssl-doc-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 7 libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 openssl-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 openssl-doc-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud 8 libopenssl-devel-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-32bit-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-hmac-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 openssl-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 openssl-doc-1.0.2j-60.60.1 as a component of SUSE OpenStack Cloud Crowbar 8 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). CVE-2019-1551 Container caasp/v4/nginx-ingress-controller:beta1:libopenssl1_0_0-1.0.2j-60.60.1 Container caasp/v4/nginx-ingress-controller:beta1:openssl-1.0.2j-60.60.1 Container suse/sles12sp3:latest:libopenssl1_0_0-1.0.2j-60.60.1 Container suse/sles12sp3:latest:openssl-1.0.2j-60.60.1 HPE Helion OpenStack 8:libopenssl-devel-1.0.2j-60.60.1 HPE Helion OpenStack 8:libopenssl1_0_0-1.0.2j-60.60.1 HPE Helion OpenStack 8:libopenssl1_0_0-32bit-1.0.2j-60.60.1 HPE Helion OpenStack 8:libopenssl1_0_0-hmac-1.0.2j-60.60.1 HPE Helion OpenStack 8:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 HPE Helion OpenStack 8:openssl-1.0.2j-60.60.1 HPE Helion OpenStack 8:openssl-doc-1.0.2j-60.60.1 SUSE Enterprise Storage 5:libopenssl-devel-1.0.2j-60.60.1 SUSE Enterprise Storage 5:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Enterprise Storage 5:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Enterprise Storage 5:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Enterprise Storage 5:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Enterprise Storage 5:openssl-1.0.2j-60.60.1 SUSE Enterprise Storage 5:openssl-doc-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl-devel-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP2-LTSS:openssl-doc-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl-devel-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:openssl-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-BCL:openssl-doc-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl-devel-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:openssl-1.0.2j-60.60.1 SUSE Linux Enterprise Server 12 SP3-LTSS:openssl-doc-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl-devel-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:openssl-doc-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.60.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:libopenssl-devel-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:libopenssl1_0_0-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:openssl-1.0.2j-60.60.1 SUSE OpenStack Cloud 7:openssl-doc-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:libopenssl-devel-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:openssl-1.0.2j-60.60.1 SUSE OpenStack Cloud 8:openssl-doc-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:libopenssl-devel-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-32bit-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-hmac-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-hmac-32bit-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:openssl-1.0.2j-60.60.1 SUSE OpenStack Cloud Crowbar 8:openssl-doc-1.0.2j-60.60.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200474-1/ https://www.suse.com/security/cve/CVE-2019-1551.html CVE-2019-1551 https://bugzilla.suse.com/1158809 SUSE Bug 1158809 https://bugzilla.suse.com/1205621 SUSE Bug 1205621