Bugzilla – Bug 1151490
Regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL
Last modified: 2022-01-03 22:36:03 UTC
According to https://bugs.python.org/issue36263, the failing test.test_hashlib.KDFTests.test_scrypt in Python 3.* (Python 2.7 is surprisingly not affected) is caused by the bug resolved in the GitHub PR https://github.com/openssl/openssl/pull/8483, and there is also a long discussion of the topic in the Fedora bug https://bugzilla.redhat.com/1688284.
SUSE-SU-2019:2802-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1149121,1149792,1149955,1151490,1153238
CVE References: CVE-2019-16056,CVE-2019-16935
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1, python3-doc-3.6.9-3.39.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1, python3-doc-3.6.9-3.39.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): python3-base-3.6.9-3.39.1
SUSE Linux Enterprise Module for Development Tools 15 (src): python3-base-3.6.9-3.39.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1
SUSE Linux Enterprise Module for Basesystem 15 (src): python3-3.6.9-3.39.1, python3-base-3.6.9-3.39.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:2438-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1149121,1149792,1149955,1151490,1153238
CVE References: CVE-2019-16056,CVE-2019-16935
Sources used:
openSUSE Leap 15.1 (src): python3-3.6.9-lp151.6.4.1, python3-base-3.6.9-lp151.6.4.1

openSUSE-SU-2019:2453-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1149121,1149792,1149955,1151490,1153238
CVE References: CVE-2019-16056,CVE-2019-16935
Sources used:
openSUSE Leap 15.0 (src): python3-3.6.9-lp150.2.14.1, python3-base-3.6.9-lp150.2.14.1

The bug got introduced when we backported the openSSH KDF to openssl 1.1.1 for jsc#SLE-8789. It caused problems for other packages as well (nodejs). It's already been fixed by https://build.suse.de/request/show/204835. Patch openssl-jsc-SLE-8789-backport_KDF.patch has been updated to include the change from commit https://github.com/openssl/openssl/commit/253d7622222166959d1a5e724434aae3fbd2537d.
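A regression check for the behaviour tracked in this bug, as an added example that is not part of the bug report, OpenSSL or Python: it calls the OpenSSL-backed `hashlib.scrypt` with an empty password and salt and compares the result with a pure-Python scrypt written from RFC 7914. The names `scrypt_ref` and `check_openssl_scrypt` are illustrative, and the parameters N=16, r=1, p=1 are chosen so the slow reference finishes quickly.

```python
import hashlib
import struct
# Added example: scrypt_ref and check_openssl_scrypt are illustrative names, not OpenSSL or Python APIs.
_QR = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),   # column quarter-rounds
       (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))   # row quarter-rounds

def _salsa20_8(block):  # Salsa20/8 core on one 64-byte block
    x = list(struct.unpack("<16I", block))
    start = x[:]
    for _ in range(4):  # 4 double rounds = 8 rounds
        for a, b, c, d in _QR:
            for dst, s1, s2, rot in ((b, a, d, 7), (c, b, a, 9), (d, c, b, 13), (a, d, c, 18)):
                t = (x[s1] + x[s2]) & 0xFFFFFFFF
                x[dst] ^= ((t << rot) | (t >> (32 - rot))) & 0xFFFFFFFF
    return struct.pack("<16I", *((p + q) & 0xFFFFFFFF for p, q in zip(x, start)))

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def _blockmix(b, r):
    x, out = b[-64:], []
    for i in range(2 * r):
        x = _salsa20_8(_xor(x, b[64 * i:64 * i + 64]))
        out.append(x)
    return b"".join(out[0::2] + out[1::2])  # even-indexed blocks first, then odd

def _romix(b, n, r):
    v, x = [], b
    for _ in range(n):
        v.append(x)
        x = _blockmix(x, r)
    for _ in range(n):
        j = int.from_bytes(x[-64:-56], "little") % n  # Integerify(X) mod N, N a power of two
        x = _blockmix(_xor(x, v[j]), r)
    return x

def scrypt_ref(password, salt, n, r, p, dklen):
    """Pure-Python scrypt per RFC 7914; slow, intended for small test parameters only."""
    size = 128 * r
    b = hashlib.pbkdf2_hmac("sha256", password, salt, 1, p * size)
    b = b"".join(_romix(b[i * size:(i + 1) * size], n, r) for i in range(p))
    return hashlib.pbkdf2_hmac("sha256", password, b, 1, dklen)

def check_openssl_scrypt(n=16, r=1, p=1, dklen=64):
    """Return 'ok', 'mismatch' or 'error: ...' for hashlib.scrypt with empty password and salt."""
    try:
        got = hashlib.scrypt(b"", salt=b"", n=n, r=r, p=p, dklen=dklen)
    except Exception as exc:  # includes a hashlib built without scrypt support
        return "error: %s" % exc
    return "ok" if got == scrypt_ref(b"", b"", n, r, p, dklen) else "mismatch"
```

Anything other than `ok` from `check_openssl_scrypt()` means the interpreter's OpenSSL does not produce the reference output for an empty salt and the package should be updated.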
SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.
Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Development Tools 15 (src): python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2

openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.
Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
openSUSE Leap 15.1 (src): python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1

SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.
Category: security (important)
Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582
CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5

This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/851367 Factory / python36
This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/852415 Factory / python36
This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/853277 Factory / python36
This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/853314 Factory / python36
This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/856737 Factory / python36
This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/923499 Factory / python36
This is an autogenerated message for OBS integration: This bug (1151490) was mentioned in https://build.opensuse.org/request/show/926876 Factory / python36