SUSE: 2025:0005-1 critical: liboqs and oqs-provider buffer overflow

suse
January 2, 2025
Patch rollout for liboqs and oqs-provider, tackling urgent vulnerabilities and improving cryptographic features.

Summary

This update for liboqs, oqs-provider fixes the following issues:

This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms.

This updates liboqs to 0.12.0:

* This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.
* This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).
* The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to

References

* bsc#1226162

* bsc#1226468

* bsc#1234292

Cross-References:

* CVE-2024-36405

* CVE-2024-37305

* CVE-2024-54137

CVSS scores:

* CVE-2024-36405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-37305 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2024-54137 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2024-54137 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise Real Time 15 SP6

* SUSE Linux Enterprise Server 15 SP6

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

Severity: important

Announcement ID: SUSE-SU-2025:0005-1
Release Date: 2025-01-02T08:01:46Z
Rating: important
