SB2019110605 - Red Hat update for openssl

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019110605

SB2019110605 - Red Hat update for openssl

Published: November 6, 2019

Security Bulletin ID SB2019110605
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-0734)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to unspecified flaw in Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.


2) Information disclosure (CVE-ID: CVE-2018-0735)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to disclosure of the OpenSSL ECDSA signature algorithm. A remote attacker can use variations in the signing algorithm to conduct a timing side channel attack and recover the private key.


3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2019-1543)

The vulnerability allows a remote attacker to gain access to encrypted data.

The vulnerability exists due to incorrect implementation of the ChaCha20-Poly1305 cipher. For messages, encrypted with this cipher, a reused nonce value is used that is susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce.

This vulnerability does not affect internal usage of the cipher within OpenSSL. However if an application uses this cipher directly and sets a non-default nonce length to be longer than 12 bytes, it may be vulnerable.

Remediation

Install update from vendor's website.

References