Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2023:4952-2 critical: openssl vulnerabilities fixed

suse
Calendar Grey December 21, 2023
Dist Suse Esm H88
An update has been released for OpenSSL to address security flaws in Red Hat platforms. Apply this patch to enhance the protection of your infrastructure.
* bsc#1208143 * bsc#1217277 Cross-References: * CVE-2023-0361

Summary

## This update for gnutls fixes the following issues: * CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4952=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4952=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4952=1

Topics%20covered

Topics Covered

security advisory moderate exploit SUSE gnutls key exchange

References

* bsc#1208143

* bsc#1217277

Cross-

* CVE-2023-0361

* CVE-2023-5981

CVSS scores:

* CVE-2023-0361 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-0361 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-5981 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-5981 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE CaaS Platform 4.0

* SUSE Linux Enterprise High Performance Computing 15 SP1

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1

* SUSE Linux Enterprise Server 15 SP1

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1

* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

##

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4952-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate exploit SUSE gnutls key exchange

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here