[SUSE-SU-2023:3013-1] Security update for openssl-3
Severity
Moderate
Affected Packages
15
CVEs
2
Security update for openssl-3
This update for openssl-3 fixes the following issues:
- CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
- ID
- SUSE-SU-2023:3013-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20233013-1/
- Published
-
2023-07-28T12:18:46
(13 months ago) - Modified
-
2023-07-28T12:18:46
(13 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2023-1843
- ALAS2-2023-2226
- ALAS2-2023-2246
- ALAS2-2024-2502
- ALPINE:CVE-2023-2975
- ALPINE:CVE-2023-3446
- ALSA-2023:7877
- ALSA-2024:0888
- ALSA-2024:2264
- ALSA-2024:2447
- ELSA-2023-7877
- ELSA-2024-0888
- ELSA-2024-12056
- ELSA-2024-2264
- ELSA-2024-2447
- FREEBSD:41C60E16-2405-11EE-A0D1-84A93843EB75
- GLSA-202402-08
- RHSA-2023:7877
- RHSA-2024:0888
- RHSA-2024:2264
- RHSA-2024:2447
- RLSA-2024:2264
- SSA:2023-213-01
- SUSE-SU-2023:2961-1
- SUSE-SU-2023:2962-1
- SUSE-SU-2023:2964-1
- SUSE-SU-2023:2965-1
- SUSE-SU-2023:2972-1
- SUSE-SU-2023:2973-1
- SUSE-SU-2023:3011-1
- SUSE-SU-2023:3012-1
- SUSE-SU-2023:3093-1
- SUSE-SU-2023:3096-1
- SUSE-SU-2023:3160-1
- SUSE-SU-2023:3179-1
- USN-6435-1
- USN-6435-2
- USN-6450-1
- USN-6709-1
- USN-7018-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3013-1.json | |
Suse | URL for SUSE-SU-2023:3013-1 | https://www.suse.com/support/update/announcement/2023/suse-su-20233013-1/ | |
Suse | E-Mail link for SUSE-SU-2023:3013-1 | https://lists.suse.com/pipermail/sle-security-updates/2023-July/015685.html | |
Bugzilla | SUSE Bug 1213383 | https://bugzilla.suse.com/1213383 | |
Bugzilla | SUSE Bug 1213487 | https://bugzilla.suse.com/1213487 | |
CVE | SUSE CVE CVE-2023-2975 page | https://www.suse.com/security/cve/CVE-2023-2975/ | |
CVE | SUSE CVE CVE-2023-3446 page | https://www.suse.com/security/cve/CVE-2023-3446/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/openssl-3?arch=x86_64&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/openssl-3?arch=s390x&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/openssl-3?arch=ppc64le&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/openssl-3?arch=aarch64&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/openssl-3-doc?arch=noarch&distro=opensuse-leap-15.4 | suse | openssl-3-doc | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | noarch | |
Affected | pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl3-32bit?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl3-32bit | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=s390x&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=ppc64le&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=aarch64&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl-3-devel-32bit?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel-32bit | < 3.0.8-150400.4.31.2 | opensuse-leap-15.4 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |