Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE OpenSSL-3 Security Update: 2025:1516-1 Moderate Denial of Service Fix

suse
Calendar Grey May 8, 2025
Dist Suse Esm H88
A critical security bulletin pertaining to openssl-3 for SUSE, focusing on a significant concern and several resolutions.
* bsc#1220523 * bsc#1220690 * bsc#1220693 * bsc#1220696 * bsc#1221365

Summary

## This update for openssl-3 fixes the following issues: * CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: * FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). * FIPS: RSA keygen PCT requirements. * FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). * FIPS: Port openssl to use jitterentropy (bsc#1220523). * FIPS: Block non-Approved Elliptic Curves (bsc#1221786). * FIPS: Service Level Indicator (bsc#1221365). * FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). * FIPS: Add required selftests: (bsc#1221760). * FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).

Topics%20covered

Topics Covered

security advisory moderate denial of service security fix SUSE openssl

References

* bsc#1220523

* bsc#1220690

* bsc#1220693

* bsc#1220696

* bsc#1221365

* bsc#1221751

* bsc#1221752

* bsc#1221753

* bsc#1221760

* bsc#1221786

* bsc#1221787

* bsc#1221821

* bsc#1221822

* bsc#1221824

* bsc#1221827

* bsc#1229465

Cross-

* CVE-2024-6119

CVSS scores:

* CVE-2024-6119 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-6119 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Certifications Module 15-SP7

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise Server 15 SP7

* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has 15 security fixes can now be

installed.

##

* https://www.suse.com/security/cve/CVE-2024-6119.html

Announcement ID: SUSE-SU-2025:1516-1
Release Date: 2025-05-08T13:17:46Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service security fix SUSE openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here