SUSE-SU-2025:0430-1

Опубликовано: 11 фев. 2025

Источник: suse-cvrf

Описание

Security update for openssl-3

This update for openssl-3 fixes the following issues:

CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

Список пакетов

Container bci/bci-init:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/bci-sle15-kernel-module-devel:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/gcc:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/golang:1.22-openssl

libopenssl-3-devel-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/golang:1.23

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/golang:latest

libopenssl-3-devel-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/kiwi:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/node:22

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/nodejs:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/openjdk-devel:17

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/openjdk-devel:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/openjdk:17

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/openjdk:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/php-apache:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/php-fpm:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/php:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/python:3

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/python:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container bci/ruby:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/rust:1.84

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/rust:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container bci/spack:latest

libopenssl-3-devel-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:10.1-openjdk11

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:10.1-openjdk17

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:10.1-openjdk21

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:9-openjdk11

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:9-openjdk17

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:9-openjdk21

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/apache-tomcat:9-openjdk8

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/milvus:2.4

libopenssl3-3.1.4-150600.5.24.1

Container containers/ollama:0

libopenssl3-3.1.4-150600.5.24.1

Container containers/open-webui:0

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/python:3.11

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/python:3.9

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container containers/pytorch:2-nvidia

libopenssl3-3.1.4-150600.5.24.1

Container containers/pytorch:2.5.0

libopenssl3-3.1.4-150600.5.24.1

Container suse/389-ds:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/git:latest

libopenssl3-3.1.4-150600.5.24.1

Container suse/helm:latest

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/manager/5.0/x86_64/server-attestation:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/manager/5.0/x86_64/server:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/mariadb-client:latest

libopenssl3-3.1.4-150600.5.24.1

Container suse/mariadb:latest

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/nginx:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container suse/pcp:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container suse/postgres:16

libopenssl3-3.1.4-150600.5.24.1

Container suse/postgres:latest

libopenssl3-3.1.4-150600.5.24.1

Container suse/registry:latest

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/rmt-server:latest

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

Container suse/sle15:15.6

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Container suse/stunnel:latest

libopenssl3-3.1.4-150600.5.24.1

Image SLES15-SP6

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-BYOS

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-BYOS-GCE

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-CHOST-BYOS

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-CHOST-BYOS-Azure

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-CHOST-BYOS-EC2

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-CHOST-BYOS-GCE

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-CHOST-BYOS-GDC

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-GCE

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-Hardened-BYOS

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-Hardened-BYOS-GCE

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-SAP-BYOS

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image SLES15-SP6-SAP-BYOS-GCE

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

Image ai_15_6

libopenssl3-3.1.4-150600.5.24.1

Image python_15_6

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

libopenssl-3-devel-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

libopenssl3-32bit-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

openSUSE Leap 15.6

libopenssl-3-devel-3.1.4-150600.5.24.1

libopenssl-3-devel-32bit-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-3.1.4-150600.5.24.1

libopenssl-3-fips-provider-32bit-3.1.4-150600.5.24.1

libopenssl3-3.1.4-150600.5.24.1

libopenssl3-32bit-3.1.4-150600.5.24.1

openssl-3-3.1.4-150600.5.24.1

openssl-3-doc-3.1.4-150600.5.24.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250430-1/
Link for SUSE-SU-2025:0430-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020316.html
E-Mail link for SUSE-SU-2025:0430-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236136
SUSE Bug 1236136
https://www.suse.com/security/cve/CVE-2024-13176/
SUSE CVE CVE-2024-13176 page

Описание

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.

Затронутые продукты

Container bci/bci-init:latest:libopenssl-3-fips-provider-3.1.4-150600.5.24.1

Container bci/bci-init:latest:libopenssl3-3.1.4-150600.5.24.1

Container bci/bci-sle15-kernel-module-devel:latest:libopenssl-3-fips-provider-3.1.4-150600.5.24.1

Container bci/bci-sle15-kernel-module-devel:latest:libopenssl3-3.1.4-150600.5.24.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-13176.html
CVE-2024-13176
https://bugzilla.suse.com/1236136
SUSE Bug 1236136

SUSE-SU-2025:0430-1

Описание

Список пакетов

Container bci/bci-init:latest

Container bci/bci-sle15-kernel-module-devel:latest

Container bci/gcc:latest

Container bci/golang:1.22-openssl

Container bci/golang:1.23

Container bci/golang:latest

Container bci/kiwi:latest

Container bci/node:22

Container bci/nodejs:latest

Container bci/openjdk-devel:17

Container bci/openjdk-devel:latest

Container bci/openjdk:17

Container bci/openjdk:latest

Container bci/php-apache:latest

Container bci/php-fpm:latest

Container bci/php:latest

Container bci/python:3

Container bci/python:latest

Container bci/ruby:latest

Container bci/rust:1.84

Container bci/rust:latest

Container bci/spack:latest

Container containers/apache-tomcat:10.1-openjdk11

Container containers/apache-tomcat:10.1-openjdk17

Container containers/apache-tomcat:10.1-openjdk21

Container containers/apache-tomcat:9-openjdk11

Container containers/apache-tomcat:9-openjdk17

Container containers/apache-tomcat:9-openjdk21

Container containers/apache-tomcat:9-openjdk8

Container containers/milvus:2.4

Container containers/ollama:0

Container containers/open-webui:0

Container containers/python:3.11

Container containers/python:3.9

Container containers/pytorch:2-nvidia

Container containers/pytorch:2.5.0

Container suse/389-ds:latest

Container suse/git:latest

Container suse/helm:latest

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

Container suse/manager/5.0/x86_64/server-attestation:latest

Container suse/manager/5.0/x86_64/server:latest

Container suse/mariadb-client:latest

Container suse/mariadb:latest

Container suse/nginx:latest

Container suse/pcp:latest

Container suse/postgres:16

Container suse/postgres:latest

Container suse/registry:latest

Container suse/rmt-server:latest

Container suse/sle15:15.6

Container suse/stunnel:latest

Image SLES15-SP6

Image SLES15-SP6-BYOS

Image SLES15-SP6-BYOS-GCE

Image SLES15-SP6-CHOST-BYOS

Image SLES15-SP6-CHOST-BYOS-Azure

Image SLES15-SP6-CHOST-BYOS-EC2

Image SLES15-SP6-CHOST-BYOS-GCE

Image SLES15-SP6-CHOST-BYOS-GDC

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

Image SLES15-SP6-GCE

Image SLES15-SP6-Hardened-BYOS

Image SLES15-SP6-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-GCE

Image ai_15_6

Image python_15_6

SUSE Linux Enterprise Module for Basesystem 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-13176

Описание

Затронутые продукты

Ссылки