Red Hat update for openssl



Published: 2019-11-06
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-0734, CVE-2018-0735, CVE-2019-1543
CWE-ID: CWE-200, CWE-327
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Red Hat Enterprise Linux for x86_64 (Operating systems & Components / Operating system)
Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU15668

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0734

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an unspecified flaw in the Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 8.0

External links

http://access.redhat.com/errata/RHSA-2019:3700


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU15568

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0735

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists because the OpenSSL ECDSA signature algorithm is susceptible to a timing side-channel attack. A remote attacker can use variations in the signing algorithm to conduct the attack and recover the private key.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 8.0

External links

http://access.redhat.com/errata/RHSA-2019:3700


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU17908

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1543

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to encrypted data.

The vulnerability exists due to an incorrect implementation of the ChaCha20-Poly1305 cipher. Messages encrypted with this cipher using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then changes the leading bytes of the nonce, expecting the new value to be a new unique nonce, it could inadvertently encrypt messages with a reused nonce.

This vulnerability does not affect internal usage of the cipher within OpenSSL. However, if an application uses this cipher directly and sets a non-default nonce length longer than 12 bytes, it may be vulnerable.
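
The nonce collapse described above, modelled as an added example (not code from Red Hat, OpenSSL or this bulletin), with a guard an application can apply before calling the cipher. It assumes the behaviour documented in the upstream OpenSSL advisory for CVE-2019-1543, that only the last 12 bytes of a longer nonce are significant; the function names and sample nonces are constructed for illustration.

```python
from collections import defaultdict

RFC7539_NONCE_LEN = 12  # ChaCha20-Poly1305 nonce size in bytes (RFC 7539)


def effective_nonce(nonce: bytes) -> bytes:
    """Model of the nonce the affected cipher actually uses.

    Assumption (from the upstream OpenSSL advisory for CVE-2019-1543, not
    from this bulletin): short nonces are front-padded with zero bytes, and
    for nonces longer than 12 bytes only the last 12 bytes are significant.
    """
    if len(nonce) >= RFC7539_NONCE_LEN:
        return nonce[-RFC7539_NONCE_LEN:]
    return nonce.rjust(RFC7539_NONCE_LEN, b"\x00")


def find_nonce_reuse(nonces):
    """Group distinct application nonces that collapse to one effective nonce."""
    groups = defaultdict(set)
    for n in nonces:
        groups[effective_nonce(n)].add(bytes(n))
    return {eff: sorted(apps) for eff, apps in groups.items() if len(apps) > 1}


def require_standard_nonce(nonce: bytes) -> bytes:
    """Guard for application code: accept only the 12-byte RFC 7539 nonce."""
    if len(nonce) != RFC7539_NONCE_LEN:
        raise ValueError(
            f"nonce must be {RFC7539_NONCE_LEN} bytes, got {len(nonce)}")
    return nonce


def constructed_nonces():
    """Constructed sample: 16-byte nonces whose 4 leading bytes are a counter."""
    fixed_tail = bytes(range(12))
    return [i.to_bytes(4, "big") + fixed_tail for i in range(3)]


if __name__ == "__main__":
    for eff, apps in find_nonce_reuse(constructed_nonces()).items():
        print(f"effective nonce {eff.hex()} shared by {len(apps)} messages:")
        for a in apps:
            print("  application nonce", a.hex())
```

Running `find_nonce_reuse` over the nonces an application has logged or generated in tests shows whether values it treats as unique were in fact the same nonce on an unpatched build.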

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 8.0

External links

http://access.redhat.com/errata/RHSA-2019:3700


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


