Описание
Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
Список пакетов
Container bci/bci-base-fips:15.5
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/bci-init:15.5
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/bci-sle15-kernel-module-devel:15.5
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/golang:1.20-openssl
libopenssl-1_1-devel-1.1.1l-150500.17.15.1
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/golang:1.21
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/golang:latest
libopenssl-1_1-devel-1.1.1l-150500.17.15.1
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/node:16
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/node:18
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/nodejs:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/openjdk-devel:11
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/openjdk-devel:17
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/openjdk:11
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/openjdk:17
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/php-apache:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/php-fpm:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/php:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/python:3
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/python:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container bci/ruby:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/rust:1.77
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/rust:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container rancher/elemental-operator:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container rancher/seedimage-builder:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/389-ds:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/git:latest
libopenssl1_1-1.1.1l-150500.17.15.1
Container suse/helm:latest
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/ltss/sle15.5/sle15:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/nginx:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/pcp:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/postgres:14
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/postgres:15
libopenssl1_1-1.1.1l-150500.17.15.1
Container suse/postgres:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/registry:latest
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/rmt-mariadb-client:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/rmt-mariadb:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/rmt-server:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container suse/sle-micro/5.5/toolbox:latest
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/sle-micro/5.5:latest
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/sle-micro/base-5.5:latest
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Container suse/sle-micro/kvm-5.5:latest
libopenssl1_1-1.1.1l-150500.17.15.1
Container suse/sle-micro/rt-5.5:latest
libopenssl1_1-1.1.1l-150500.17.15.1
Container suse/sle15:15.5
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Azure-3P
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Azure-Basic
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Azure-Standard
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-CHOST-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-CHOST-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-CHOST-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-CHOST-BYOS-GDC
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-HPC-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-HPC-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-HPC-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-HPC-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Hardened-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Hardened-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Hardened-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-BYOS
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-Micro-5-5-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Azure-3P
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Hardened-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAP-Hardened-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAPCAL-Azure
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAPCAL-EC2
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
Image SLES15-SP5-SAPCAL-GCE
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libopenssl-1_1-devel-1.1.1l-150500.17.15.1
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
openSUSE Leap 15.5
libopenssl-1_1-devel-1.1.1l-150500.17.15.1
libopenssl-1_1-devel-32bit-1.1.1l-150500.17.15.1
libopenssl1_1-1.1.1l-150500.17.15.1
libopenssl1_1-32bit-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-1.1.1l-150500.17.15.1
libopenssl1_1-hmac-32bit-1.1.1l-150500.17.15.1
openssl-1_1-1.1.1l-150500.17.15.1
openssl-1_1-doc-1.1.1l-150500.17.15.1
Ссылки
- Link for SUSE-SU-2023:3242-1
- E-Mail link for SUSE-SU-2023:3242-1
- SUSE Security Ratings
- SUSE Bug 1213853
- SUSE CVE CVE-2023-3817 page
Описание
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Затронутые продукты
Container bci/bci-base-fips:15.5:libopenssl1_1-1.1.1l-150500.17.15.1
Container bci/bci-base-fips:15.5:libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Container bci/bci-init:15.5:libopenssl1_1-1.1.1l-150500.17.15.1
Container bci/bci-init:15.5:libopenssl1_1-hmac-1.1.1l-150500.17.15.1
Ссылки
- CVE-2023-3817
- SUSE Bug 1213853
- SUSE Bug 1216922