{"affected":[{"ecosystem_specific":{"binaries":[{"libopenssl-1_1-devel":"1.1.0i-4.27.1","libopenssl1_1":"1.1.0i-4.27.1","libopenssl1_1-32bit":"1.1.0i-4.27.1","libopenssl1_1-hmac":"1.1.0i-4.27.1","libopenssl1_1-hmac-32bit":"1.1.0i-4.27.1","openssl-1_1":"1.1.0i-4.27.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"openssl-1_1","purl":"pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.0i-4.27.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).\n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101)\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346)\n","id":"SUSE-SU-2020:0002-1","modified":"2020-01-02T08:50:08Z","published":"2020-01-02T08:50:08Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200002-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155346"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157775"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158101"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158809"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-1551"},{"type":"REPORT","url":"https://bugzilla.suse.com/SLE-8789"}],"related":["CVE-2019-1551"],"summary":"Security update for openssl-1_1","upstream":["CVE-2019-1551"]}