1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:4649-1

[SUSE-SU-2023:4649-1] Security update for openssl-3

Severity Important
Affected Packages 26
CVEs 1
Info Packages References Vulnerabilities

Security update for openssl-3

This update for openssl-3 fixes the following issues:

  • CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

Bug fixes:

  • The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/.
  • Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472]
Package Affected Version
pkg:rpm/suse/openssl-3?arch=x86_64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/openssl-3?arch=s390x&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/openssl-3?arch=ppc64le&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/openssl-3?arch=aarch64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/openssl-3-doc?arch=noarch&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=x86_64&distro=slem-5 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-micro-5.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-micro-5.3 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=s390x&distro=slem-5 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-micro-5.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-micro-5.3 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-micro-5.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-micro-5.3 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=aarch64&distro=slem-5 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-micro-5.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-micro-5.3 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl3-32bit?arch=x86_64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl-3-devel?arch=x86_64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl-3-devel?arch=s390x&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl-3-devel?arch=ppc64le&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl-3-devel?arch=aarch64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
pkg:rpm/suse/libopenssl-3-devel-32bit?arch=x86_64&distro=opensuse-leap-15.4 < 3.0.8-150400.4.42.1
ID
SUSE-SU-2023:4649-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20234649-1/
Published
2023-12-06T10:04:05
(9 months ago)
Modified
2023-12-06T10:04:05
(9 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/openssl-3?arch=x86_64&distro=opensuse-leap-15.4 suse openssl-3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/openssl-3?arch=s390x&distro=opensuse-leap-15.4 suse openssl-3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/openssl-3?arch=ppc64le&distro=opensuse-leap-15.4 suse openssl-3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/openssl-3?arch=aarch64&distro=opensuse-leap-15.4 suse openssl-3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/openssl-3-doc?arch=noarch&distro=opensuse-leap-15.4 suse openssl-3-doc < 3.0.8-150400.4.42.1 opensuse-leap-15.4 noarch
Affected pkg:rpm/suse/libopenssl3?arch=x86_64&distro=slem-5 suse libopenssl3 < 3.0.8-150400.4.42.1 slem-5 x86_64
Affected pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-micro-5.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.4 x86_64
Affected pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-micro-5.3 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.3 x86_64
Affected pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-15.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/libopenssl3?arch=s390x&distro=slem-5 suse libopenssl3 < 3.0.8-150400.4.42.1 slem-5 s390x
Affected pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-micro-5.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.4 s390x
Affected pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-micro-5.3 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.3 s390x
Affected pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-15.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-micro-5.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.4 ppc64le
Affected pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-micro-5.3 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.3 ppc64le
Affected pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-15.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/libopenssl3?arch=aarch64&distro=slem-5 suse libopenssl3 < 3.0.8-150400.4.42.1 slem-5 aarch64
Affected pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-micro-5.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.4 aarch64
Affected pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-micro-5.3 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-micro-5.3 aarch64
Affected pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-15.4 suse libopenssl3 < 3.0.8-150400.4.42.1 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/libopenssl3-32bit?arch=x86_64&distro=opensuse-leap-15.4 suse libopenssl3-32bit < 3.0.8-150400.4.42.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/libopenssl-3-devel?arch=x86_64&distro=opensuse-leap-15.4 suse libopenssl-3-devel < 3.0.8-150400.4.42.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/libopenssl-3-devel?arch=s390x&distro=opensuse-leap-15.4 suse libopenssl-3-devel < 3.0.8-150400.4.42.1 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/libopenssl-3-devel?arch=ppc64le&distro=opensuse-leap-15.4 suse libopenssl-3-devel < 3.0.8-150400.4.42.1 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/libopenssl-3-devel?arch=aarch64&distro=opensuse-leap-15.4 suse libopenssl-3-devel < 3.0.8-150400.4.42.1 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/libopenssl-3-devel-32bit?arch=x86_64&distro=opensuse-leap-15.4 suse libopenssl-3-devel-32bit < 3.0.8-150400.4.42.1 opensuse-leap-15.4 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date