Mageia 9: MGASA-2024-0020 Moderate: OpenSSL Buffer Overflow

mageia
February 4, 2024
The updated OpenSSL packages fix several security flaws, including excessive time spent in Diffie-Hellman checks and key generation, and vector register corruption in the POLY1305 MAC implementation on PowerPC.

Summary

The updated packages fix security vulnerabilities:

- Excessive time spent in DH check / generation with large Q parameter value. (CVE-2023-5678)
- POLY1305 MAC implementation corrupts vector registers on PowerPC. (CVE-2023-6129)
- Excessive time spent checking invalid RSA public keys. (CVE-2023-6237)
- PKCS12 Decoding crashes. (CVE-2024-0727)

References

- https://bugs.mageia.org/show_bug.cgi?id=32498

- https://openssl-library.org/news/secadv/20231106.txt

- https://openssl-library.org/news/secadv/20240109.txt

- https://openssl-library.org/news/secadv/20240115.txt

- https://openssl-library.org/news/secadv/20240125.txt

- https://www.cve.org/CVERecord?id=CVE-2023-5678

- https://www.cve.org/CVERecord?id=CVE-2023-6129

- https://www.cve.org/CVERecord?id=CVE-2023-6237

- https://www.cve.org/CVERecord?id=CVE-2024-0727

Resolution

SRPMS

- 9/core/openssl-3.0.12-1.1.mga9

Publication date: 04 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0020.html
Type: security
CVE: CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
