SUSE-SU-2024:1947-1

UNKNOWN

Security update for openssl-3

Published Jun 7, 2024

Modified 1 years ago

Fix available

Details

This update for openssl-3 fixes the following issues:

CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).

Affected Packages

libopenssl-3-devel

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Manager Proxy 4.3

Fixed in:

3.0.8-150400.4.54.1

libopenssl3

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

3.0.8-150400.4.54.1

openssl-3

Fixed in:

3.0.8-150400.4.54.1

References

REPORT

https://bugzilla.suse.com/1222548

REPORT

https://bugzilla.suse.com/1224388

WEB

https://www.suse.com/security/cve/CVE-2024-2511