SUSE-SU-2023:3096-1

UNKNOWN

Security update for compat-openssl098

Published Aug 1, 2023

Modified 2 years ago

Fix available

Details

This update for compat-openssl098 fixes the following issues:

CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534).
CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
Update further expiring certificates that affect tests (bsc#1201627).

Affected Packages

compat-openssl098

SUSE Linux Enterprise Module for Legacy 12SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

0.9.8j-106.58.1

libopenssl0_9_8

SUSE Linux Enterprise Module for Legacy 12SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

0.9.8j-106.58.1

libopenssl0_9_8-32bit

SUSE Linux Enterprise Module for Legacy 12

Fixed in:

0.9.8j-106.58.1

References

REPORT

https://bugzilla.suse.com/1201627

REPORT

https://bugzilla.suse.com/1207534

REPORT