
SUSE: 2024:3905-1 moderate: openssl-1_1 PKCS#1 security fix

November 4, 2024
SUSE has issued a moderate-rated security update for openssl-1_1. It fixes CVE-2023-50782 (implicit rejection in PKCS#1 v1.5) and includes a set of FIPS-related fixes. Patches are available for the affected products listed below.

Summary

This update for openssl-1_1 fixes the following issues:

Security fixes:

* CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

Other fixes:

* FIPS: AES GCM external IV implementation (bsc#1228618)
* FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623)
* FIPS: Enforce KDF in FIPS style (bsc#1224270)
* FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619)
* FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269)
* FIPS: Differentiate the PSS length requirements (bsc#1224275)
* FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272)
* FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271)
* FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266)

References

* bsc#1220262

* bsc#1224258

* bsc#1224260

* bsc#1224264

* bsc#1224265

* bsc#1224266

* bsc#1224267

* bsc#1224268

* bsc#1224269

* bsc#1224270

* bsc#1224271

* bsc#1224272

* bsc#1224273

* bsc#1224275

* bsc#1228618

* bsc#1228619

* bsc#1228623

Cross-

* CVE-2023-50782

CVSS scores:

* CVE-2023-50782 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


Affected Products:

* Basesystem Module 15-SP6

* Development Tools Module 15-SP6

* Legacy Module 15-SP6

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise Real Time 15 SP6

* SUSE Linux Enterprise Server 15 SP6

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

Announcement ID: SUSE-SU-2024:3905-1
Release Date: 2024-11-04T12:39:19Z
Rating: moderate
