[RHSA-2023:7877] openssl security update
Severity
Low
Affected Packages
18
CVEs
3
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)
OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)
openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- ID
- RHSA-2023:7877
- Severity
- low
- URL
- https://access.redhat.com/errata/RHSA-2023:7877
- Published
-
2023-12-19T00:00:00
(9 months ago) - Modified
-
2023-12-19T00:00:00
(9 months ago) - Rights
- Copyright 2023 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2023-1843
-
ALAS-2023-1891
-
ALAS2-2023-2205
-
ALAS2-2023-2226
-
ALAS2-2023-2246
-
ALAS2-2023-2350
-
ALAS2-2023-2351
-
ALAS2-2024-2502
-
ALPINE:CVE-2023-3446
-
ALPINE:CVE-2023-3817
-
ALPINE:CVE-2023-5678
-
ALSA-2023:7877
-
ALSA-2024:0888
-
ALSA-2024:2264
-
ALSA-2024:2447
-
ELSA-2023-7877
-
ELSA-2024-0888
-
ELSA-2024-12056
-
ELSA-2024-2264
-
ELSA-2024-2447
-
FREEBSD:22DF5074-71CD-11EE-85EB-84A93843EB75
-
FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75
-
FREEBSD:BAD6588E-2FE0-11EE-A0D1-84A93843EB75
-
GLSA-202402-08
-
MS:CVE-2023-3817
-
RHSA-2024:0888
-
RHSA-2024:2264
-
RHSA-2024:2447
-
RLSA-2024:2264
-
SSA:2023-213-01
-
SSA:2024-199-01
-
SUSE-SU-2023:2961-1
-
SUSE-SU-2023:2962-1
-
SUSE-SU-2023:2964-1
-
SUSE-SU-2023:2965-1
-
SUSE-SU-2023:2972-1
-
SUSE-SU-2023:2973-1
-
SUSE-SU-2023:3011-1
-
SUSE-SU-2023:3012-1
-
SUSE-SU-2023:3013-1
-
SUSE-SU-2023:3093-1
-
SUSE-SU-2023:3096-1
-
SUSE-SU-2023:3160-1
-
SUSE-SU-2023:3179-1
-
SUSE-SU-2023:3239-1
-
SUSE-SU-2023:3242-1
-
SUSE-SU-2023:3243-1
-
SUSE-SU-2023:3244-1
-
SUSE-SU-2023:3244-2
-
SUSE-SU-2023:3291-1
-
SUSE-SU-2023:3291-2
-
SUSE-SU-2023:3308-1
-
SUSE-SU-2023:3338-1
-
SUSE-SU-2023:3339-1
-
SUSE-SU-2023:3397-1
-
SUSE-SU-2023:3958-1
-
SUSE-SU-2023:4189-1
-
SUSE-SU-2023:4190-1
-
SUSE-SU-2023:4488-1
-
SUSE-SU-2023:4489-1
-
SUSE-SU-2023:4518-1
-
SUSE-SU-2023:4519-1
-
SUSE-SU-2023:4520-1
-
SUSE-SU-2023:4521-1
-
SUSE-SU-2023:4522-1
-
SUSE-SU-2023:4523-1
-
SUSE-SU-2023:4524-1
-
SUSE-SU-2023:4593-1
-
SUSE-SU-2023:4635-1
-
SUSE-SU-2023:4649-1
-
SUSE-SU-2023:4918-1
-
SUSE-SU-2023:4919-1
-
USN-6435-1
-
USN-6435-2
-
USN-6450-1
-
USN-6622-1
-
USN-6632-1
-
USN-6709-1
-
USN-7018-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2224962 |
|
|
| Bugzilla | 2227852 |
|
|
| Bugzilla | 2248616 |
|
|
| RHSA | RHSA-2023:7877 |
|
|
| CVE | CVE-2023-3446 |
|
|
| CVE | CVE-2023-3817 |
|
|
| CVE | CVE-2023-5678 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/openssl?arch=x86_64&distro=redhat-8.9 | redhat |
 openssl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/openssl?arch=s390x&distro=redhat-8.9 | redhat |
openssl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/openssl?arch=ppc64le&distro=redhat-8.9 | redhat |
openssl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/openssl?arch=aarch64&distro=redhat-8.9 | redhat |
openssl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | aarch64 | |
| Affected | pkg:rpm/redhat/openssl-perl?arch=x86_64&distro=redhat-8.9 | redhat |
openssl-perl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/openssl-perl?arch=s390x&distro=redhat-8.9 | redhat |
openssl-perl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/openssl-perl?arch=ppc64le&distro=redhat-8.9 | redhat |
openssl-perl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/openssl-perl?arch=aarch64&distro=redhat-8.9 | redhat |
openssl-perl
|
< 1.1.1k-12.el8_9 | redhat-8.9 | aarch64 | |
| Affected | pkg:rpm/redhat/openssl-libs?arch=x86_64&distro=redhat-8.9 | redhat |
openssl-libs
|
< 1.1.1k-12.el8_9 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/openssl-libs?arch=s390x&distro=redhat-8.9 | redhat |
openssl-libs
|
< 1.1.1k-12.el8_9 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/openssl-libs?arch=ppc64le&distro=redhat-8.9 | redhat |
openssl-libs
|
< 1.1.1k-12.el8_9 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/openssl-libs?arch=i686&distro=redhat-8.9 | redhat |
openssl-libs
|
< 1.1.1k-12.el8_9 | redhat-8.9 | i686 | |
| Affected | pkg:rpm/redhat/openssl-libs?arch=aarch64&distro=redhat-8.9 | redhat |
openssl-libs
|
< 1.1.1k-12.el8_9 | redhat-8.9 | aarch64 | |
| Affected | pkg:rpm/redhat/openssl-devel?arch=x86_64&distro=redhat-8.9 | redhat |
openssl-devel
|
< 1.1.1k-12.el8_9 | redhat-8.9 | x86_64 | |
| Affected | pkg:rpm/redhat/openssl-devel?arch=s390x&distro=redhat-8.9 | redhat |
openssl-devel
|
< 1.1.1k-12.el8_9 | redhat-8.9 | s390x | |
| Affected | pkg:rpm/redhat/openssl-devel?arch=ppc64le&distro=redhat-8.9 | redhat |
openssl-devel
|
< 1.1.1k-12.el8_9 | redhat-8.9 | ppc64le | |
| Affected | pkg:rpm/redhat/openssl-devel?arch=i686&distro=redhat-8.9 | redhat |
openssl-devel
|
< 1.1.1k-12.el8_9 | redhat-8.9 | i686 | |
| Affected | pkg:rpm/redhat/openssl-devel?arch=aarch64&distro=redhat-8.9 | redhat |
openssl-devel
|
< 1.1.1k-12.el8_9 | redhat-8.9 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |