Security update for OpenSSL

SUSE Security Update: Security update for OpenSSL
Announcement ID: SUSE-SU-2014:0538-1
Rating: moderate
References: #869945
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4 LTSS

  • An update that fixes one vulnerability is now available.

    Description:


    OpenSSL has been updated to fix an attack on ECDSA Nonces.

    Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces
    could have been recovered. (CVE-2014-0076)

    Security Issue reference:

    * CVE-2014-0076
    >

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
    • openssl-0.9.8a-18.80.5
    • openssl-devel-0.9.8a-18.80.5
    • openssl-doc-0.9.8a-18.80.5
    • SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
    • openssl-32bit-0.9.8a-18.80.5
    • openssl-devel-32bit-0.9.8a-18.80.5

    References:

    • http://support.novell.com/security/cve/CVE-2014-0076.html
    • https://bugzilla.novell.com/869945
    • http://download.suse.com/patch/finder/?keywords=13729e3b9da09233086c747080dc0f39