SUSE-SU-2024:3905-1

Опубликовано: 04 нояб. 2024

Источник: suse-cvrf

Описание

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues:

Security fixes:

CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

Other fixes:

FIPS: AES GCM external IV implementation (bsc#1228618)
FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623)
FIPS: Enforce KDF in FIPS style (bsc#1224270)
FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619)
FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269)
FIPS: Differentiate the PSS length requirements (bsc#1224275)
FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272)
FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271)
FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266)
FIPS: DH FIPS selftest and safe prime group (bsc#1224264)
FIPS: Remove not needed FIPS DRBG files (bsc#1224268)
FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265)
FIPS: Disallow non-approved KDF types (bsc#1224267)
FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273)
FIPS: DRBG component chaining (bsc#1224258)
FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260)

Список пакетов

Container bci/bci-base-fips:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/bci-sle15-kernel-module-devel:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-aspnet:6.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-aspnet:8.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-aspnet:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-runtime:6.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-runtime:8.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-runtime:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-sdk:6.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-sdk:8.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-sdk:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/kiwi:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/python:3

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/ruby:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/rust:1.84

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/rust:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/spack:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/apache-pulsar:3.3

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/apache-tomcat:10.1-openjdk11

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/apache-tomcat:10.1-openjdk17

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/apache-tomcat:10.1-openjdk21

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/python:3.9

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/pytorch:2-nvidia

libopenssl1_1-1.1.1w-150600.5.9.1

Container containers/pytorch:2.5.0

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/389-ds:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/manager/5.0/x86_64/proxy-httpd:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/manager/5.0/x86_64/proxy-salt-broker:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/manager/5.0/x86_64/proxy-ssh:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/manager/5.0/x86_64/proxy-tftpd:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/manager/5.0/x86_64/server-migration-14-16:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/manager/5.0/x86_64/server:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/mariadb:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container suse/rmt-server:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container trento/trento-wanda:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Container trento/trento-web:latest

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-Azure-Basic

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-Azure-Standard

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-BYOS-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-BYOS-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-BYOS-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS-Aliyun

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS-GDC

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-EC2-ECS-HVM

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-BYOS-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-BYOS-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-BYOS-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-HPC-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-Hardened-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-Hardened-BYOS-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-Hardened-BYOS-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-Hardened-BYOS-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-BYOS-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-BYOS-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-BYOS-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-BYOS

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAP-Hardened-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAPCAL

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAPCAL-Azure

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAPCAL-EC2

libopenssl1_1-1.1.1w-150600.5.9.1

Image SLES15-SP6-SAPCAL-GCE

libopenssl1_1-1.1.1w-150600.5.9.1

Image ai_15_6

libopenssl1_1-1.1.1w-150600.5.9.1

Image python_15_6

libopenssl1_1-1.1.1w-150600.5.9.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

libopenssl1_1-1.1.1w-150600.5.9.1

libopenssl1_1-32bit-1.1.1w-150600.5.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

libopenssl-1_1-devel-1.1.1w-150600.5.9.1

SUSE Linux Enterprise Module for Legacy 15 SP6

openssl-1_1-1.1.1w-150600.5.9.1

openSUSE Leap 15.6

libopenssl-1_1-devel-1.1.1w-150600.5.9.1

libopenssl-1_1-devel-32bit-1.1.1w-150600.5.9.1

libopenssl1_1-1.1.1w-150600.5.9.1

libopenssl1_1-32bit-1.1.1w-150600.5.9.1

openssl-1_1-1.1.1w-150600.5.9.1

openssl-1_1-doc-1.1.1w-150600.5.9.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243905-1/
Link for SUSE-SU-2024:3905-1
https://lists.suse.com/pipermail/sle-security-updates/2024-November/019774.html
E-Mail link for SUSE-SU-2024:3905-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1220262
SUSE Bug 1220262
https://bugzilla.suse.com/1224258
SUSE Bug 1224258
https://bugzilla.suse.com/1224260
SUSE Bug 1224260
https://bugzilla.suse.com/1224264
SUSE Bug 1224264
https://bugzilla.suse.com/1224265
SUSE Bug 1224265
https://bugzilla.suse.com/1224266
SUSE Bug 1224266
https://bugzilla.suse.com/1224267
SUSE Bug 1224267
https://bugzilla.suse.com/1224268
SUSE Bug 1224268
https://bugzilla.suse.com/1224269
SUSE Bug 1224269
https://bugzilla.suse.com/1224270
SUSE Bug 1224270
https://bugzilla.suse.com/1224271
SUSE Bug 1224271
https://bugzilla.suse.com/1224272
SUSE Bug 1224272
https://bugzilla.suse.com/1224273
SUSE Bug 1224273
https://bugzilla.suse.com/1224275
SUSE Bug 1224275
https://bugzilla.suse.com/1228618
SUSE Bug 1228618
https://bugzilla.suse.com/1228619
SUSE Bug 1228619
https://bugzilla.suse.com/1228623
SUSE Bug 1228623

Описание

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Затронутые продукты

Container bci/bci-base-fips:latest:libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/bci-sle15-kernel-module-devel:latest:libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-aspnet:6.0:libopenssl1_1-1.1.1w-150600.5.9.1

Container bci/dotnet-aspnet:8.0:libopenssl1_1-1.1.1w-150600.5.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-50782.html
CVE-2023-50782
https://bugzilla.suse.com/1218043
SUSE Bug 1218043