SUSE-SU-2023:1737-1

Опубликовано: 03 апр. 2023

Источник: suse-cvrf

Описание

Security update for compat-openssl098

This update for compat-openssl098 fixes the following issues:

CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-Azure-SAP-On-Demand

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-EC2-SAP-BYOS

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-EC2-SAP-On-Demand

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-GCE-SAP-BYOS

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-GCE-SAP-On-Demand

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libopenssl0_9_8-0.9.8j-106.45.1

SUSE Linux Enterprise Module for Legacy 12

libopenssl0_9_8-0.9.8j-106.45.1

libopenssl0_9_8-32bit-0.9.8j-106.45.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libopenssl0_9_8-0.9.8j-106.45.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libopenssl0_9_8-0.9.8j-106.45.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20231737-1/
Link for SUSE-SU-2023:1737-1
https://lists.suse.com/pipermail/sle-updates/2023-April/028602.html
E-Mail link for SUSE-SU-2023:1737-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209624
SUSE Bug 1209624
https://www.suse.com/security/cve/CVE-2023-0464/
SUSE CVE CVE-2023-0464 page

Описание

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Затронутые продукты

Image SLES12-SP5-Azure-SAP-BYOS:libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-Azure-SAP-On-Demand:libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-EC2-SAP-BYOS:libopenssl0_9_8-0.9.8j-106.45.1

Image SLES12-SP5-EC2-SAP-On-Demand:libopenssl0_9_8-0.9.8j-106.45.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-0464.html
CVE-2023-0464
https://bugzilla.suse.com/1209624
SUSE Bug 1209624
https://bugzilla.suse.com/1225628
SUSE Bug 1225628

SUSE-SU-2023:1737-1

Описание

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Module for Legacy 12

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2023-0464

Описание

Затронутые продукты

Ссылки