Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: 2025:20014-1 important: openssl-3 DoS issue resolved

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
This SUSE advisory emphasizes essential upgrades for openssl-3, libpulp, and ulp-macros to resolve significant vulnerabilities and corrections.
* bsc#1220523 * bsc#1220690 * bsc#1220693 * bsc#1220696 * bsc#1221365

Summary

## This update for openssl-3, libpulp, ulp-macros fixes the following issues: openssl-3: \- CVE-2024-6119: possible denial of service in X.509 name checks (bsc#1229465) \- CVE-2024-5535: SSL_select_next_proto buffer overread (bsc#1227138) \- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551) \- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) \- CVE-2024-2511: Fix unconstrained session cache growth in TLSv1.3 (bsc#1222548) \- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365) \- FIPS: RSA keygen PCT requirements. (bsc#1221760, bsc#1221753) \- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode. (bsc#1220523) \- FIPS: Port openssl to

References

* bsc#1220523

* bsc#1220690

* bsc#1220693

* bsc#1220696

* bsc#1221365

* bsc#1221751

* bsc#1221752

* bsc#1221753

* bsc#1221760

* bsc#1221763

* bsc#1221786

* bsc#1221787

* bsc#1221821

* bsc#1221822

* bsc#1221824

* bsc#1221827

* bsc#1222548

* bsc#1222899

* bsc#1223306

* bsc#1223336

* bsc#1223428

* bsc#1224388

* bsc#1225291

* bsc#1225551

* bsc#1226463

* bsc#1227138

* bsc#1229465

Cross-

* CVE-2024-2511

* CVE-2024-4603

* CVE-2024-4741

* CVE-2024-5535

* CVE-2024-6119

CVSS scores:

* CVE-2024-2511 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-2511 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-4603 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-4603 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20014-1
Release Date: 2025-02-03T08:48:39Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here