SUSE-RU-2020:3560-1: moderate: Recommended update for openssl-1_1

Mon Nov 30 10:30:48 MST 2020

   SUSE Recommended Update: Recommended update for openssl-1_1
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:3560-1
Rating:             moderate
References:         #1158499 #1160158 #1161198 #1161203 #1163569 
                    #1165281 #1165534 #1166848 #1175847 #1177479 
                    SLE-8789 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that has 10 recommended fixes and contains one
   feature can now be installed.

Description:

   This update for openssl-1_1 fixes the following issues:

   This update backports various bugfixes for FIPS:

   - Restore private key check in EC_KEY_check_key [bsc#1177479]
   - Add shared secret KAT to FIPS DH selftest [bsc#1175847]
   - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847]
   - Fix locking issue uncovered by python testsuite (bsc#1166848)
   - Fix the sequence of locking operations in FIPS mode [bsc#1165534]
   - Fix deadlock in FIPS rand code (bsc#1165281)
   - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569)
   - Fix FIPS DRBG without derivation function (bsc#1161198)
   - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203)
   - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12
     (bsc#1158499)

   - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by
     treating salt=NULL as salt="" (bsc#1160158)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3560=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_1-devel-1.1.0i-14.9.1
      libopenssl1_1-1.1.0i-14.9.1
      libopenssl1_1-debuginfo-1.1.0i-14.9.1
      libopenssl1_1-hmac-1.1.0i-14.9.1
      openssl-1_1-1.1.0i-14.9.1
      openssl-1_1-debuginfo-1.1.0i-14.9.1
      openssl-1_1-debugsource-1.1.0i-14.9.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):

      libopenssl-1_1-devel-32bit-1.1.0i-14.9.1
      libopenssl1_1-32bit-1.1.0i-14.9.1
      libopenssl1_1-32bit-debuginfo-1.1.0i-14.9.1
      libopenssl1_1-hmac-32bit-1.1.0i-14.9.1

References:

   https://bugzilla.suse.com/1158499
   https://bugzilla.suse.com/1160158
   https://bugzilla.suse.com/1161198
   https://bugzilla.suse.com/1161203
   https://bugzilla.suse.com/1163569
   https://bugzilla.suse.com/1165281
   https://bugzilla.suse.com/1165534
   https://bugzilla.suse.com/1166848
   https://bugzilla.suse.com/1175847
   https://bugzilla.suse.com/1177479