|
Bugzilla – Full Text Bug Listing |
| Summary: | Regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Matej Cepl <mcepl> |
| Component: | Security | Assignee: | Vítězslav Čížek <vcizek> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | amajer, meissner, vcizek |
| Version: | Leap 15.2 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1149792 | ||
|
Description
Matej Cepl
2019-09-20 13:25:42 UTC
SUSE-SU-2019:2802-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1149121,1149792,1149955,1151490,1153238 CVE References: CVE-2019-16056,CVE-2019-16935 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1, python3-doc-3.6.9-3.39.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1, python3-doc-3.6.9-3.39.1 SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): python3-base-3.6.9-3.39.1 SUSE Linux Enterprise Module for Development Tools 15 (src): python3-base-3.6.9-3.39.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1 SUSE Linux Enterprise Module for Basesystem 15 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2019:2438-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1149121,1149792,1149955,1151490,1153238 CVE References: CVE-2019-16056,CVE-2019-16935 Sources used: openSUSE Leap 15.1 (src): python3-3.6.9-lp151.6.4.1, python3-base-3.6.9-lp151.6.4.1 openSUSE-SU-2019:2453-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1149121,1149792,1149955,1151490,1153238 CVE References: CVE-2019-16056,CVE-2019-16935 Sources used: openSUSE Leap 15.0 (src): python3-3.6.9-lp150.2.14.1, python3-base-3.6.9-lp150.2.14.1 The bug got introduced when we backported the openSSH KDF to openssl 1.1.1 for jsc#SLE-8789. It caused problems to other packages as well (nodejs). It's already been fixed by https://build.suse.de/request/show/204835. Patch openssl-jsc-SLE-8789-backport_KDF.patch has been updated to include the change from commit https://github.com/openssl/openssl/commit/253d7622222166959d1a5e724434aae3fbd2537d. SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available. Category: security (important) Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3 SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): python3-base-3.6.10-3.42.2 SUSE Linux Enterprise Module for Development Tools 15 (src): python3-base-3.6.10-3.42.2 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2 SUSE Linux Enterprise Module for Basesystem 15 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available. Category: security (important) Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Sources used: openSUSE Leap 15.1 (src): python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1 SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available. Category: security (important) Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582 CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Sources used: SUSE Linux Enterprise Server 12-SP5 (src): python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/851367 Factory / python36 This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/852415 Factory / python36 This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/853277 Factory / python36 This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/853314 Factory / python36 This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/856737 Factory / python36 This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/923499 Factory / python36 This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/926876 Factory / python36 |