Описание
Security update for openssl-3
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
Список пакетов
Container bci/bci-init:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/bci-sle15-kernel-module-devel:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/gcc:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/golang:1.22-openssl
libopenssl-3-devel-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/golang:1.23
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/golang:latest
libopenssl-3-devel-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/kiwi:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/node:22
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/nodejs:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/openjdk-devel:17
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/openjdk-devel:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/openjdk:17
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/openjdk:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/php-apache:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/php-fpm:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/php:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/python:3
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/python:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container bci/ruby:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/rust:1.84
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/rust:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container bci/spack:latest
libopenssl-3-devel-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-pulsar:3.3
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:10.1-openjdk11
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:10.1-openjdk17
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:10.1-openjdk21
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:9-openjdk11
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:9-openjdk17
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:9-openjdk21
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/apache-tomcat:9-openjdk8
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/milvus:2.4
libopenssl3-3.1.4-150600.5.18.1
Container containers/ollama:0
libopenssl3-3.1.4-150600.5.18.1
Container containers/open-webui:0
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/python:3.11
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/python:3.9
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container containers/pytorch:2-nvidia
libopenssl3-3.1.4-150600.5.18.1
Container containers/pytorch:2.5.0
libopenssl3-3.1.4-150600.5.18.1
Container suse/389-ds:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/git:latest
libopenssl3-3.1.4-150600.5.18.1
Container suse/helm:latest
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/proxy-httpd:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/proxy-salt-broker:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/proxy-squid:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/proxy-ssh:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/proxy-tftpd:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/server-attestation:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/server-migration-14-16:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/manager/5.0/x86_64/server:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/mariadb-client:latest
libopenssl3-3.1.4-150600.5.18.1
Container suse/mariadb:latest
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/nginx:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/pcp:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/postgres:16
libopenssl3-3.1.4-150600.5.18.1
Container suse/postgres:latest
libopenssl3-3.1.4-150600.5.18.1
Container suse/registry:latest
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/rmt-server:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container suse/sle15:15.6
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Container suse/stunnel:latest
libopenssl3-3.1.4-150600.5.18.1
Container trento/trento-wanda:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Container trento/trento-web:latest
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
Image SLES15-SP6
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-Azure-Basic
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-Azure-Standard
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-BYOS
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-BYOS-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-BYOS-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-BYOS-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS-GDC
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-EC2-ECS-HVM
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-BYOS
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-BYOS-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-BYOS-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-BYOS-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-HPC-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-Hardened-BYOS
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-Hardened-BYOS-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-Hardened-BYOS-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-Hardened-BYOS-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Azure
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-BYOS
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-BYOS-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-BYOS-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-BYOS-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-EC2
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-GCE
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-BYOS
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-EC2
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAP-Hardened-GCE
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAPCAL
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAPCAL-Azure
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAPCAL-EC2
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image SLES15-SP6-SAPCAL-GCE
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image ai_15_6
libopenssl3-3.1.4-150600.5.18.1
Image python_15_6
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
Image tomcat_15_6
libopenssl3-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libopenssl-3-devel-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-32bit-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
openSUSE Leap 15.6
libopenssl-3-devel-3.1.4-150600.5.18.1
libopenssl-3-devel-32bit-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-3.1.4-150600.5.18.1
libopenssl-3-fips-provider-32bit-3.1.4-150600.5.18.1
libopenssl3-3.1.4-150600.5.18.1
libopenssl3-32bit-3.1.4-150600.5.18.1
openssl-3-3.1.4-150600.5.18.1
openssl-3-doc-3.1.4-150600.5.18.1
Ссылки
- Link for SUSE-SU-2024:3501-1
- E-Mail link for SUSE-SU-2024:3501-1
- SUSE Security Ratings
- SUSE Bug 1230698
- SUSE CVE CVE-2024-41996 page
Описание
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
Затронутые продукты
Container bci/bci-init:latest:libopenssl-3-fips-provider-3.1.4-150600.5.18.1
Container bci/bci-init:latest:libopenssl3-3.1.4-150600.5.18.1
Container bci/bci-sle15-kernel-module-devel:latest:libopenssl-3-fips-provider-3.1.4-150600.5.18.1
Container bci/bci-sle15-kernel-module-devel:latest:libopenssl3-3.1.4-150600.5.18.1
Ссылки
- CVE-2024-41996
- SUSE Bug 1229742