SUSE-SU-2024:0814-1

Опубликовано: 08 мар. 2024

Источник: suse-cvrf

Описание

Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues:

CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Container suse/sles12sp5:latest

libopenssl1_0_0-1.0.2p-3.90.1

libopenssl1_0_0-hmac-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-Basic-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-HPC-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-HPC-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-SAP-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-SAP-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-Azure-Standard-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-EC2-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-EC2-ECS-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-EC2-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-EC2-SAP-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-EC2-SAP-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-GCE-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-GCE-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-GCE-SAP-BYOS

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-GCE-SAP-On-Demand

libopenssl1_0_0-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libopenssl1_0_0-1.0.2p-3.90.1

libopenssl1_0_0-32bit-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libopenssl1_0_0-1.0.2p-3.90.1

libopenssl1_0_0-32bit-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

SUSE Linux Enterprise Server 12 SP5

libopenssl-1_0_0-devel-1.0.2p-3.90.1

libopenssl1_0_0-1.0.2p-3.90.1

libopenssl1_0_0-32bit-1.0.2p-3.90.1

libopenssl1_0_0-hmac-1.0.2p-3.90.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

openssl-1_0_0-doc-1.0.2p-3.90.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libopenssl-1_0_0-devel-1.0.2p-3.90.1

libopenssl1_0_0-1.0.2p-3.90.1

libopenssl1_0_0-32bit-1.0.2p-3.90.1

libopenssl1_0_0-hmac-1.0.2p-3.90.1

libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1

openssl-1_0_0-1.0.2p-3.90.1

openssl-1_0_0-doc-1.0.2p-3.90.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libopenssl-1_0_0-devel-1.0.2p-3.90.1

libopenssl-1_0_0-devel-32bit-1.0.2p-3.90.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240814-1/
Link for SUSE-SU-2024:0814-1
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018132.html
E-Mail link for SUSE-SU-2024:0814-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1219243
SUSE Bug 1219243
https://www.suse.com/security/cve/CVE-2024-0727/
SUSE CVE CVE-2024-0727 page

Описание

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:libopenssl1_0_0-1.0.2p-3.90.1

Container suse/ltss/sle12.5/sles12sp5:latest:openssl-1_0_0-1.0.2p-3.90.1

Container suse/sles12sp5:latest:libopenssl1_0_0-1.0.2p-3.90.1

Container suse/sles12sp5:latest:libopenssl1_0_0-hmac-1.0.2p-3.90.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-0727.html
CVE-2024-0727
https://bugzilla.suse.com/1219243
SUSE Bug 1219243

SUSE-SU-2024:0814-1

Описание

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp5:latest

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2024-0727

Описание

Затронутые продукты

Ссылки