[SUSE-SU-2023:4649-1] Security update for openssl-3
Severity
Important
Affected Packages
26
CVEs
1
Security update for openssl-3
This update for openssl-3 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
Bug fixes:
- The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/.
- Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472]
- ID
- SUSE-SU-2023:4649-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20234649-1/
- Published
-
2023-12-06T10:04:05
(9 months ago) - Modified
-
2023-12-06T10:04:05
(9 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2023-1891
- ALAS2-2023-2350
- ALAS2-2023-2351
- ALAS2-2024-2502
- ALPINE:CVE-2023-5678
- ALSA-2023:7877
- ALSA-2024:2447
- ELSA-2023-7877
- ELSA-2024-12056
- ELSA-2024-2447
- FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75
- RHSA-2023:7877
- RHSA-2024:2447
- SSA:2024-199-01
- SUSE-SU-2023:4488-1
- SUSE-SU-2023:4489-1
- SUSE-SU-2023:4518-1
- SUSE-SU-2023:4519-1
- SUSE-SU-2023:4520-1
- SUSE-SU-2023:4521-1
- SUSE-SU-2023:4522-1
- SUSE-SU-2023:4523-1
- SUSE-SU-2023:4524-1
- SUSE-SU-2023:4593-1
- SUSE-SU-2023:4635-1
- SUSE-SU-2023:4918-1
- SUSE-SU-2023:4919-1
- USN-6622-1
- USN-6632-1
- USN-6709-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4649-1.json | |
Suse | URL for SUSE-SU-2023:4649-1 | https://www.suse.com/support/update/announcement/2023/suse-su-20234649-1/ | |
Suse | E-Mail link for SUSE-SU-2023:4649-1 | https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L36X5ULOS5QNIFLF2MJDCWBUWN5DSPKV/#L36X5ULOS5QNIFLF2MJDCWBUWN5DSPKV | |
Bugzilla | SUSE Bug 1194187 | https://bugzilla.suse.com/1194187 | |
Bugzilla | SUSE Bug 1207472 | https://bugzilla.suse.com/1207472 | |
Bugzilla | SUSE Bug 1216922 | https://bugzilla.suse.com/1216922 | |
CVE | SUSE CVE CVE-2023-5678 page | https://www.suse.com/security/cve/CVE-2023-5678/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/openssl-3?arch=x86_64&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/openssl-3?arch=s390x&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/openssl-3?arch=ppc64le&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/openssl-3?arch=aarch64&distro=opensuse-leap-15.4 | suse | openssl-3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/openssl-3-doc?arch=noarch&distro=opensuse-leap-15.4 | suse | openssl-3-doc | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | noarch | |
Affected | pkg:rpm/suse/libopenssl3?arch=x86_64&distro=slem-5 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | slem-5 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-micro-5.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-micro-5.3 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.3 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=s390x&distro=slem-5 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | slem-5 | s390x | |
Affected | pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-micro-5.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.4 | s390x | |
Affected | pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-micro-5.3 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.3 | s390x | |
Affected | pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-micro-5.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.4 | ppc64le | |
Affected | pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-micro-5.3 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.3 | ppc64le | |
Affected | pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/libopenssl3?arch=aarch64&distro=slem-5 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | slem-5 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-micro-5.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.4 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-micro-5.3 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-micro-5.3 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-15.4 | suse | libopenssl3 | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl3-32bit?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl3-32bit | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=s390x&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=ppc64le&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/libopenssl-3-devel?arch=aarch64&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/libopenssl-3-devel-32bit?arch=x86_64&distro=opensuse-leap-15.4 | suse | libopenssl-3-devel-32bit | < 3.0.8-150400.4.42.1 | opensuse-leap-15.4 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |