SB2019122034 - Cryptographic issues in openssl (Alpine package)
Published: December 20, 2019
Security Bulletin ID
SB2019122034
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cryptographic issues (CVE-ID: CVE-2019-1551)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an overflow issue within the rsaz_512_sqr(): the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. A remote attacker can perform an attack against DH512 keys.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1e697147022325620c2e31c4417460f09c9df59d
- https://git.alpinelinux.org/aports/commit/?id=a27739f065dcbb1cbd3d59a5afff5656ca312abc
- https://git.alpinelinux.org/aports/commit/?id=d2ad91c7e3ded723ce9e34e95e66ad524f11833d
- https://git.alpinelinux.org/aports/commit/?id=d5cdcefa208fa600971caccebd3ab1c7304fec16
- https://git.alpinelinux.org/aports/commit/?id=33832d93c0d87e0c90f543ea973e7d12ea27a3ee