Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:3106-1

Опубликовано: 03 сент. 2024
Источник: suse-cvrf

Описание

Security update for openssl-3

This update for openssl-3 fixes the following issues:

  • CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

  • FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
  • FIPS: RSA keygen PCT requirements.
  • FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
  • FIPS: Port openssl to use jitterentropy (bsc#1220523).
  • FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
  • FIPS: Service Level Indicator (bsc#1221365).
  • FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
  • FIPS: Add required selftests: (bsc#1221760).
  • FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
  • FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
  • FIPS: Zero initialization required (bsc#1221752).
  • FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
  • FIPS: NIST SP 800-56Brev2 (bsc#1221824).
  • FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
  • FIPS: Port openssl to use jitterentropy (bsc#1220523).
  • FIPS: NIST SP 800-56Arev3 (bsc#1221822).
  • FIPS: Error state has to be enforced (bsc#1221753).

Список пакетов

Container bci/bci-init:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/bci-sle15-kernel-module-devel:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/gcc:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/golang:1.22-openssl
libopenssl-3-devel-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/golang:1.23
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/golang:latest
libopenssl-3-devel-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/kiwi:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/node:22
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/nodejs:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/openjdk-devel:17
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/openjdk-devel:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/openjdk:17
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/openjdk:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/php-apache:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/php-fpm:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/php:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/python:3
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/python:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container bci/ruby:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/rust:1.84
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/rust:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container bci/spack:latest
libopenssl-3-devel-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-pulsar:3.3
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:10.1-openjdk11
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:10.1-openjdk17
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:10.1-openjdk21
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:9-openjdk11
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:9-openjdk17
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:9-openjdk21
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/apache-tomcat:9-openjdk8
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/milvus:2.4
libopenssl3-3.1.4-150600.5.15.1
Container containers/ollama:0
libopenssl3-3.1.4-150600.5.15.1
Container containers/open-webui:0
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/python:3.11
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/python:3.9
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container containers/pytorch:2-nvidia
libopenssl3-3.1.4-150600.5.15.1
Container containers/pytorch:2.5.0
libopenssl3-3.1.4-150600.5.15.1
Container suse/389-ds:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/git:latest
libopenssl3-3.1.4-150600.5.15.1
Container suse/helm:latest
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/proxy-salt-broker:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/proxy-squid:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/proxy-ssh:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/proxy-tftpd:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/server-attestation:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/server-migration-14-16:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/manager/5.0/x86_64/server:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/mariadb-client:latest
libopenssl3-3.1.4-150600.5.15.1
Container suse/mariadb:latest
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/nginx:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/pcp:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/postgres:16
libopenssl3-3.1.4-150600.5.15.1
Container suse/postgres:latest
libopenssl3-3.1.4-150600.5.15.1
Container suse/registry:latest
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/rmt-server:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container suse/sle15:15.6
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Container suse/stunnel:latest
libopenssl3-3.1.4-150600.5.15.1
Container trento/trento-wanda:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Container trento/trento-web:latest
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
Image SLES15-SP6
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-Azure-Basic
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-Azure-Standard
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-BYOS
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-BYOS-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-BYOS-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-BYOS-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS-GDC
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-EC2-ECS-HVM
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-BYOS
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-BYOS-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-BYOS-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-BYOS-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-HPC-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-Hardened-BYOS
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-Hardened-BYOS-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-Hardened-BYOS-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-Hardened-BYOS-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Azure
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-BYOS
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-BYOS-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-BYOS-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-BYOS-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-EC2
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-GCE
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-BYOS
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-EC2
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAP-Hardened-GCE
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAPCAL
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAPCAL-Azure
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAPCAL-EC2
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image SLES15-SP6-SAPCAL-GCE
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image ai_15_6
libopenssl3-3.1.4-150600.5.15.1
Image python_15_6
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
Image tomcat_15_6
libopenssl3-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libopenssl-3-devel-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-32bit-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
openSUSE Leap 15.6
libopenssl-3-devel-3.1.4-150600.5.15.1
libopenssl-3-devel-32bit-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-3.1.4-150600.5.15.1
libopenssl-3-fips-provider-32bit-3.1.4-150600.5.15.1
libopenssl3-3.1.4-150600.5.15.1
libopenssl3-32bit-3.1.4-150600.5.15.1
openssl-3-3.1.4-150600.5.15.1
openssl-3-doc-3.1.4-150600.5.15.1

Ссылки

Описание

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Затронутые продукты
Container bci/bci-init:latest:libopenssl-3-fips-provider-3.1.4-150600.5.15.1
Container bci/bci-init:latest:libopenssl3-3.1.4-150600.5.15.1
Container bci/bci-sle15-kernel-module-devel:latest:libopenssl-3-fips-provider-3.1.4-150600.5.15.1
Container bci/bci-sle15-kernel-module-devel:latest:libopenssl3-3.1.4-150600.5.15.1
Ссылки
Уязвимость SUSE-SU-2024:3106-1