Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -3 articles for you...
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderateinformation disclosure

openSUSE: qatengine, qatlib Moderate Access Issues SUSE-SU-2025:4053-1

An update that solves three vulnerabilities can now be installed.. # Security update for qatengine, qatlib Announcement ID: SUSE-SU-2025:4053-1 Release Date: 2025-11-11T13:46:59Z Rating: moderate References: * bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: * CVE-2024-28885 * CVE-2024-31074 * CVE-2024-33617 CVSS scores: * CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *CVE-2024-33617 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * CVE-2024-28885: Fixed observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. (bsc#1233363) * CVE-2024-31074: Fixed observable timing discrepancy may allow information disclosure via network access (bsc#1233365) * CVE-2024-33617: Fixed insufficient control flow management may allow information disclosure via network access (bsc#1233366) qatengine was updated to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibilityissues * Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 * update to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues * version update to 24.02.0 * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-4053=1 openSUSE-SLE-15.6-2025-4053=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4053=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * qatlib-24.09.0-150600.3.3.1 * qatengine-debuginfo-1.7.0-150600.3.3.1 * libusdm0-debuginfo-24.09.0-150600.3.3.1 * qatlib-debuginfo-24.09.0-150600.3.3.1 * libusdm0-24.09.0-150600.3.3.1 * libqat4-24.09.0-150600.3.3.1 * qatlib-devel-24.09.0-150600.3.3.1 * qatengine-1.7.0-150600.3.3.1 * qatengine-debugsource-1.7.0-150600.3.3.1 * libqat4-debuginfo-24.09.0-150600.3.3.1 * qatlib-debugsource-24.09.0-150600.3.3.1 * Basesystem Module 15-SP6 (x86_64) * qatlib-24.09.0-150600.3.3.1 * qatengine-debuginfo-1.7.0-150600.3.3.1 * libusdm0-debuginfo-24.09.0-150600.3.3.1 *qatlib-debuginfo-24.09.0-150600.3.3.1 * libusdm0-24.09.0-150600.3.3.1 * libqat4-24.09.0-150600.3.3.1 * qatlib-devel-24.09.0-150600.3.3.1 * qatengine-1.7.0-150600.3.3.1 * qatengine-debugsource-1.7.0-150600.3.3.1 * libqat4-debuginfo-24.09.0-150600.3.3.1 * qatlib-debugsource-24.09.0-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28885.html * https://www.suse.com/security/cve/CVE-2024-31074.html * https://www.suse.com/security/cve/CVE-2024-33617.html * https://bugzilla.suse.com/show_bug.cgi?id=1233363 * https://bugzilla.suse.com/show_bug.cgi?id=1233365 * https://bugzilla.suse.com/show_bug.cgi?id=1233366 . Update for openSUSE addresses three vulnerabilities in qatengine and qatlib with moderate severity rating.. openSUSE update, qatengine vulnerabilities, qatlib security fix, information disclosure, SUSE security advisory. . LinuxSecurity.com Team

Calendar 2 Nov 11, 2025 OpenSUSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateSuSE

SUSE: QAT Engine and Lib Moderate Info Disclosure Advisory 2025:4053-1

* bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: . # Security update for qatengine, qatlib Announcement ID: SUSE-SU-2025:4053-1 Release Date: 2025-11-11T13:46:59Z Rating: moderate References: * bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: * CVE-2024-28885 * CVE-2024-31074 * CVE-2024-33617 CVSS scores: * CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * CVE-2024-28885: Fixed observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. (bsc#1233363) * CVE-2024-31074: Fixed observable timing discrepancy may allow information disclosure via network access (bsc#1233365) * CVE-2024-33617: Fixed insufficient control flow management may allow information disclosure via network access (bsc#1233366) qatengine was updated to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues *Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 * update to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues * version update to 24.02.0 * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-4053=1 openSUSE-SLE-15.6-2025-4053=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4053=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * qatlib-24.09.0-150600.3.3.1 * qatengine-debuginfo-1.7.0-150600.3.3.1 * libusdm0-debuginfo-24.09.0-150600.3.3.1 * qatlib-debuginfo-24.09.0-150600.3.3.1 * libusdm0-24.09.0-150600.3.3.1 * libqat4-24.09.0-150600.3.3.1 * qatlib-devel-24.09.0-150600.3.3.1 * qatengine-1.7.0-150600.3.3.1 * qatengine-debugsource-1.7.0-150600.3.3.1 * libqat4-debuginfo-24.09.0-150600.3.3.1 * qatlib-debugsource-24.09.0-150600.3.3.1 * Basesystem Module 15-SP6 (x86_64) * qatlib-24.09.0-150600.3.3.1 * qatengine-debuginfo-1.7.0-150600.3.3.1 * libusdm0-debuginfo-24.09.0-150600.3.3.1 *qatlib-debuginfo-24.09.0-150600.3.3.1 * libusdm0-24.09.0-150600.3.3.1 * libqat4-24.09.0-150600.3.3.1 * qatlib-devel-24.09.0-150600.3.3.1 * qatengine-1.7.0-150600.3.3.1 * qatengine-debugsource-1.7.0-150600.3.3.1 * libqat4-debuginfo-24.09.0-150600.3.3.1 * qatlib-debugsource-24.09.0-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28885.html * https://www.suse.com/security/cve/CVE-2024-31074.html * https://www.suse.com/security/cve/CVE-2024-33617.html * https://bugzilla.suse.com/show_bug.cgi?id=1233363 * https://bugzilla.suse.com/show_bug.cgi?id=1233365 * https://bugzilla.suse.com/show_bug.cgi?id=1233366 . Critical updates for qatengine and qatlib fix information disclosure risks on SUSE systems. Ensure timely patching for security.. qatengine updates, SUSE security, qatlib vulnerabilities. . LinuxSecurity.com Team

Calendar 2 Nov 11, 2025 SuSE
Banner 1 1028x280 1708121660 1771599717
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderatethreat mitigation

openSUSE Leap 15.4 SUSE-SU-2025:3942-1 qatengine qatlib Moderate Threat

An update that solves three vulnerabilities can now be installed.. # Security update for qatengine, qatlib Announcement ID: SUSE-SU-2025:3942-1 Release Date: 2025-11-05T08:16:03Z Rating: moderate References: * bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: * CVE-2024-28885 * CVE-2024-31074 * CVE-2024-33617 CVSS scores: * CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *CVE-2024-33617 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves three vulnerabilities can now be installed. ## Description: This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * bsc#1233363 (CVE-2024-28885) * bsc#1233365 (CVE-2024-31074) * bsc#1233366 (CVE-2024-33617) Update to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging *Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 Update to 1.5.0: * use new --enable-qat_insecure_algorithms to avoid regressions * improve support for SM{2,3,4} ciphers * improve SW fallback support * many bug fixes, refactorisations and documentation updates * update to 0.6.18: * Fix address sanitizer issues * Fix issues with Babassl & Openssl3.0 * Add QAT_HW SM4 CBC support * Refactor ECX provider code into single file * Fix QAT_HW AES-GCM bad mac record & memleak * Fix SHA3 memory leak * Fix sm4-cbc build error with system default OpenSSL * Symmetric performance Optimization & memleak fixes * Bug fix, README & v0.6.18 Version update * Please refer README (Software requirements section) for dependent libraries release version and other information. * update to v0.6.17: * Add security policy - c1a7a96 * Add dependancy update tool file - 522c41d * Release v0.6.17 version update - c1a7a96 * Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82 * Fix QAT_SW SM2 ECDSA Performance issue - f44a564 * CPP check and Makefile Bug fixes - 98ccbe8 * Fix buffer overflow issue with SHA3 and ECX - cab65f3 * Update version and README for v0.6.16 - 1c95fd7 * Split --with-qat_sw_install_dir into seperate configures - d5f5656 * Add seperate err files for Boringssl - 1a09627 * Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c * Fix issue with disable flags in provider - 2e00636 * Fix coredump issue in provider with qat_sw gcm - 6703c13 * Fix err files regeneration failure - 510f3dc * Add Provider Support for ChachaPoly and SM2 -a98e51d * Bug Fixes in testapp and with disable flags. - 0945535 * QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa * Fix issue with SIGUSR1 during reload. - 00ea833 * Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128 * Replace deprecated pthread_yield with sched_yield. - d514406 * BoringSSL support for RSA and ECDSA. - 41c67c7 * Fix s_server lseek forever issue with qatprovider. - cb3db21 * Fix aes-cbc failure issue in testapp. - a530427 * Fix glibc version test - 2461966 * Fix issue with generator param and ECDSA verify. - c51fc17 * Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9 * Fix testapp issues and optimization - e7c2ba8 * Optimize setup and clear async event notification - 573fe48 * Fix Nginx worker process core dump in QAT_SW with pkill/killall - 4eb4473 * Add Cofactor to take optimized path in ECDH API - 9a23c7e * Fix double free issue with QAT_SW - 1a16708 * Add thread mapping to specific QAT_HW instance - 5ee799a * OpenSSL 3.0 Provider Support - 38086fa * Update README and version to v0.6.12 - dca2957 * Fixed worker process hung forever after nginx reload - bfe97aa * Remove OpenSSL 1.1.0 Support - da8682a * Add QAT_SW SM2 ECDH & SM3 support - 04a6af2 * QAT_SW ECDSA SM2 sign and verify Support - d44ae7e * Disable SM3, Bug fixes, Readme & version update - d995046 qatlib was updated to: Update to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues Version update to 24.02.0 * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md Update to 23.11.0: * use new --enable-legacy-algorithms to avoid regressions * add support for data compression chaining (hash then compress) * add support for additionalconfiguration profiles * add support DC NS (NoSession) APIs * add support DC CompressBound APIs * add Support for Chinese SM{2,3,4} ciphers * bump shared library major to 4 * refactoring, bug fixes and documentation updates Update to 22.07.2: * Changed from yasm to nasm for assembly compilation * Added configuration option to use C implementation of soft CRC implementation instead of asm * Added support for pkg-config * Added missing lock around accesses to some global data in qatmgr * Fix for QATE-86605 \u2013 improve error checking on size param used by qatmgr debug function. * Fix for issue #10 * Fixed link to Programmer's Guide * Added support for Compression LZ4 and LZ4s algorithms * Added support for Compression end-to-end integrity checks * Added support for PKE Generic Point Multiply APIs * Added support for CPM2.0b * Updated library to support new version of QAT APIs * Updated qat service to allow compression only and crypto only configurations * Created qatlib-tests rpm package * Added option to configure script to skip building sample code ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3942=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3942=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-3942=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3942=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3942=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3942=1 * SUSE LinuxEnterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3942=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3942=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 *qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Manager Server 4.3 LTS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libqat4-24.09.0-150400.3.6.1 *qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 *qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28885.html * https://www.suse.com/security/cve/CVE-2024-31074.html * https://www.suse.com/security/cve/CVE-2024-33617.html * https://bugzilla.suse.com/show_bug.cgi?id=1233363 * https://bugzilla.suse.com/show_bug.cgi?id=1233365 * https://bugzilla.suse.com/show_bug.cgi?id=1233366 . An update to openSUSE fixes three moderate vulnerabilities in qatengine and qatlib software. Immediate action recommended.. openSUSE updates, qatengine vulnerabilities, qatlib security fixes. . LinuxSecurity.com Team

Calendar 2 Nov 05, 2025 OpenSUSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateSuSE

SUSE: QAT Engine 2025:3942-1 Moderate Memory Leak Issues

* bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: . # Security update for qatengine, qatlib Announcement ID: SUSE-SU-2025:3942-1 Release Date: 2025-11-05T08:16:03Z Rating: moderate References: * bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: * CVE-2024-28885 * CVE-2024-31074 * CVE-2024-33617 CVSS scores: * CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves three vulnerabilities can now be installed. ## Description: This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * bsc#1233363 (CVE-2024-28885) * bsc#1233365 (CVE-2024-31074) * bsc#1233366 (CVE-2024-33617) Update to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging * Clear job tlv onerror * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 Update to 1.5.0: * use new --enable-qat_insecure_algorithms to avoid regressions * improve support for SM{2,3,4} ciphers * improve SW fallback support * many bug fixes, refactorisations and documentation updates * update to 0.6.18: * Fix address sanitizer issues * Fix issues with Babassl & Openssl3.0 * Add QAT_HW SM4 CBC support * Refactor ECX provider code into single file * Fix QAT_HW AES-GCM bad mac record & memleak * Fix SHA3 memory leak * Fix sm4-cbc build error with system default OpenSSL * Symmetric performance Optimization & memleak fixes * Bug fix, README & v0.6.18 Version update * Please refer README (Software requirements section) for dependent libraries release version and other information. * update to v0.6.17: * Add security policy - c1a7a96 * Add dependancy update tool file - 522c41d * Release v0.6.17 version update - c1a7a96 * Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82 * Fix QAT_SW SM2 ECDSA Performance issue - f44a564 * CPP check and Makefile Bug fixes - 98ccbe8 * Fix buffer overflow issue with SHA3 and ECX - cab65f3 * Update version and README for v0.6.16 - 1c95fd7 * Split --with-qat_sw_install_dir into seperate configures - d5f5656 * Add seperate err files for Boringssl - 1a09627 * Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c * Fix issue with disable flags in provider - 2e00636 * Fix coredump issue in provider with qat_sw gcm - 6703c13 * Fix err files regeneration failure - 510f3dc * Add Provider Support for ChachaPoly and SM2 - a98e51d * BugFixes in testapp and with disable flags. - 0945535 * QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa * Fix issue with SIGUSR1 during reload. - 00ea833 * Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128 * Replace deprecated pthread_yield with sched_yield. - d514406 * BoringSSL support for RSA and ECDSA. - 41c67c7 * Fix s_server lseek forever issue with qatprovider. - cb3db21 * Fix aes-cbc failure issue in testapp. - a530427 * Fix glibc version test - 2461966 * Fix issue with generator param and ECDSA verify. - c51fc17 * Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9 * Fix testapp issues and optimization - e7c2ba8 * Optimize setup and clear async event notification - 573fe48 * Fix Nginx worker process core dump in QAT_SW with pkill/killall - 4eb4473 * Add Cofactor to take optimized path in ECDH API - 9a23c7e * Fix double free issue with QAT_SW - 1a16708 * Add thread mapping to specific QAT_HW instance - 5ee799a * OpenSSL 3.0 Provider Support - 38086fa * Update README and version to v0.6.12 - dca2957 * Fixed worker process hung forever after nginx reload - bfe97aa * Remove OpenSSL 1.1.0 Support - da8682a * Add QAT_SW SM2 ECDH & SM3 support - 04a6af2 * QAT_SW ECDSA SM2 sign and verify Support - d44ae7e * Disable SM3, Bug fixes, Readme & version update - d995046 qatlib was updated to: Update to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues Version update to 24.02.0 * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md Update to 23.11.0: * use new --enable-legacy-algorithms to avoid regressions * add support for data compression chaining (hash then compress) * add support for additional configurationprofiles * add support DC NS (NoSession) APIs * add support DC CompressBound APIs * add Support for Chinese SM{2,3,4} ciphers * bump shared library major to 4 * refactoring, bug fixes and documentation updates Update to 22.07.2: * Changed from yasm to nasm for assembly compilation * Added configuration option to use C implementation of soft CRC implementation instead of asm * Added support for pkg-config * Added missing lock around accesses to some global data in qatmgr * Fix for QATE-86605 – improve error checking on size param used by qatmgr debug function. * Fix for issue #10 * Fixed link to Programmer's Guide * Added support for Compression LZ4 and LZ4s algorithms * Added support for Compression end-to-end integrity checks * Added support for PKE Generic Point Multiply APIs * Added support for CPM2.0b * Updated library to support new version of QAT APIs * Updated qat service to allow compression only and crypto only configurations * Created qatlib-tests rpm package * Added option to configure script to skip building sample code ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3942=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3942=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-3942=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3942=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3942=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3942=1 * SUSE Linux EnterpriseHigh Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3942=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3942=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 *qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Manager Server 4.3 LTS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libqat4-24.09.0-150400.3.6.1 *qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 * qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libqat4-24.09.0-150400.3.6.1 * qatzip-debugsource-1.1.0-150400.3.3.1 * libqatzip3-1.1.0-150400.3.3.1 * qatlib-debugsource-24.09.0-150400.3.6.1 * libqat4-debuginfo-24.09.0-150400.3.6.1 * qatzip-1.1.0-150400.3.3.1 * qatengine-debugsource-1.7.0-150400.3.6.1 * qatlib-24.09.0-150400.3.6.1 * libqatzip3-debuginfo-1.1.0-150400.3.3.1 * libusdm0-debuginfo-24.09.0-150400.3.6.1 * qatlib-debuginfo-24.09.0-150400.3.6.1 * qatzip-devel-1.1.0-150400.3.3.1 * qatengine-debuginfo-1.7.0-150400.3.6.1 * qatengine-1.7.0-150400.3.6.1 *qatlib-devel-24.09.0-150400.3.6.1 * libusdm0-24.09.0-150400.3.6.1 * qatzip-debuginfo-1.1.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28885.html * https://www.suse.com/security/cve/CVE-2024-31074.html * https://www.suse.com/security/cve/CVE-2024-33617.html * https://bugzilla.suse.com/show_bug.cgi?id=1233363 * https://bugzilla.suse.com/show_bug.cgi?id=1233365 * https://bugzilla.suse.com/show_bug.cgi?id=1233366 . SUSE releases a moderate advisory for qatengine and qatlib addressing critical memory leak issues due to vulnerabilities.. SUSE Security Advisory, QAT Engine Update, QAT Lib Patch. . LinuxSecurity.com Team

Calendar 2 Nov 05, 2025 SuSE
Banner 1 1028x280 1708121660 1771599717
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateSuSE

SUSE 15 SP5: qatengine, qatlib Moderate Security Threat Update 2025:3943-1

* bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: . # Security update for qatengine, qatlib Announcement ID: SUSE-SU-2025:3943-1 Release Date: 2025-11-05T08:16:21Z Rating: moderate References: * bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: * CVE-2024-28885 * CVE-2024-31074 * CVE-2024-33617 CVSS scores: * CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * bsc#1233363 (CVE-2024-28885) * bsc#1233365 (CVE-2024-31074) * bsc#1233366 (CVE-2024-33617) Update to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() forqatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 Update to 1.5.0: * use new --enable-qat_insecure_algorithms to avoid regressions * improve support for SM{2,3,4} ciphers * improve SW fallback support * many bug fixes, refactorisations and documentation updates qatlib was updated to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues version update to 24.02.0: * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md update to 23.11.0: * use new --enable-legacy-algorithms to avoid regressions * add support for data compression chaining (hash then compress) * add support for additional configuration profiles * add support DC NS (NoSession) APIs * add support DC CompressBound APIs * add Support for Chinese SM{2,3,4} ciphers * bump shared library major to 4 * refactoring, bug fixes and documentation updates ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3943=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3943=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3943=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3943=1 * SUSE Linux Enterprise Server for SAPApplications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3943=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 *qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28885.html * https://www.suse.com/security/cve/CVE-2024-31074.html * https://www.suse.com/security/cve/CVE-2024-33617.html *https://bugzilla.suse.com/show_bug.cgi?id=1233363 * https://bugzilla.suse.com/show_bug.cgi?id=1233365 * https://bugzilla.suse.com/show_bug.cgi?id=1233366 . Install the SUSE update for qatengine and qatlib addressing moderate severity issues and enhancing security protocols.. SUSE update qatengine qatlib moderate. . LinuxSecurity.com Team

Calendar 2 Nov 05, 2025 SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderatesecurity issue

openSUSE Leap 15.5: Security Advisory 2025:3943-1 CVE-2024-28885 Moderate

An update that solves three vulnerabilities can now be installed.. # Security update for qatengine, qatlib Announcement ID: SUSE-SU-2025:3943-1 Release Date: 2025-11-05T08:16:21Z Rating: moderate References: * bsc#1233363 * bsc#1233365 * bsc#1233366 Cross-References: * CVE-2024-28885 * CVE-2024-31074 * CVE-2024-33617 CVSS scores: * CVE-2024-28885 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28885 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-28885 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-31074 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-31074 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-33617 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-33617 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *CVE-2024-33617 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * bsc#1233363 (CVE-2024-28885) * bsc#1233365 (CVE-2024-31074) * bsc#1233366 (CVE-2024-33617) Update to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * EnableqaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 Update to 1.5.0: * use new --enable-qat_insecure_algorithms to avoid regressions * improve support for SM{2,3,4} ciphers * improve SW fallback support * many bug fixes, refactorisations and documentation updates qatlib was updated to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues version update to 24.02.0: * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md update to 23.11.0: * use new --enable-legacy-algorithms to avoid regressions * add support for data compression chaining (hash then compress) * add support for additional configuration profiles * add support DC NS (NoSession) APIs * add support DC CompressBound APIs * add Support for Chinese SM{2,3,4} ciphers * bump shared library major to 4 * refactoring, bug fixes and documentation updates ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-3943=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3943=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3943=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3943=1 * SUSE LinuxEnterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3943=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 *qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libusdm0-debuginfo-24.09.0-150500.3.3.1 * qatzip-devel-1.1.0-150500.3.2.1 * qatengine-debugsource-1.7.0-150500.3.3.1 * libqatzip3-1.1.0-150500.3.2.1 * libqat4-24.09.0-150500.3.3.1 * qatlib-debuginfo-24.09.0-150500.3.3.1 * qatzip-debuginfo-1.1.0-150500.3.2.1 * qatengine-1.7.0-150500.3.3.1 * qatlib-debugsource-24.09.0-150500.3.3.1 * qatlib-24.09.0-150500.3.3.1 * libusdm0-24.09.0-150500.3.3.1 * qatzip-1.1.0-150500.3.2.1 * libqat4-debuginfo-24.09.0-150500.3.3.1 * qatzip-debugsource-1.1.0-150500.3.2.1 * libqatzip3-debuginfo-1.1.0-150500.3.2.1 * qatengine-debuginfo-1.7.0-150500.3.3.1 * qatlib-devel-24.09.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28885.html * https://www.suse.com/security/cve/CVE-2024-31074.html *https://www.suse.com/security/cve/CVE-2024-33617.html * https://bugzilla.suse.com/show_bug.cgi?id=1233363 * https://bugzilla.suse.com/show_bug.cgi?id=1233365 * https://bugzilla.suse.com/show_bug.cgi?id=1233366 . Update for openSUSE addressing three vulnerabilities in qatengine and qatlib enhancing system security effectively.. openSUSE qatengine security update, qatlib vulnerabilities, system patch recommendations. . LinuxSecurity.com Team

Calendar 2 Nov 05, 2025 OpenSUSE
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here