262 matches found
SUSE-SU-2023:4489-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service bsc1216922...
SUSE-SU-2023:4190-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. bsc1216163 - CVE-2023-3817: Add test of DH_check with q = p + 1. bsc1213853...
SUSE-SU-2023:4189-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. bsc1216163 - CVE-2023-3817: Add test of DH_check with q = p + 1. bsc1213853...
SUSE-SU-2023:3841-1 Security update for go1.19-openssl
This update for go1.19-openssl fixes the following issues: Update to version 1.19.13 bsc1200441. - CVE-2023-29409: Fixed unrestricted RSA keys in certificates bsc1213880. - CVE-2023-29406: Fixed insufficient sanitization of Host header bsc1213229. The following non-security bug was fixed: - Add...
SUSE-SU-2023:3244-2 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. bsc1213853...
SUSE-SU-2023:3160-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-3446: Fixed DH_check excessive time with over sized modulus bsc1213487...
SUSE-SU-2023:3093-1 Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues: - CVE-2023-3446: Fixed DH_check excessive time with over sized modulus bsc1213487...
SUSE-SU-2023:2973-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-3446: Fixed DH_check excessive time with over sized modulus bsc1213487...
Medium: openssl
Issue Overview: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may...
SUSE-SU-2023:2634-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case bsc1207534...
SUSE-SU-2023:2620-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM bsc1210714. - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers bsc1211430...
SUSE-SU-2023:29171-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers bsc1211430. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a...
SUSE-SU-2023:1908-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates bsc1209878. - CVE-2023-0466: Fixed disabled certificate policy check bsc1209873...
SUSE-SU-2023:1907-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored bsc1209878. - CVE-2023-0466: Certificate policy check was not enabled bsc1209873...
MGASA-2023-0130 Updated openssl packages fix security vulnerability
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
SUSE-SU-2023:1764-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints bsc1209624...
SUSE-SU-2023:1703-1 Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues: Security fixes: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints bsc1209624. Other fixes: - Fix DH key generation in FIPS mode, add support for constant BN for DH parameters bsc1202062...
CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
Important: openssl
Issue Overview: The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve...
MGASA-2023-0078 Updated nodejs packages fix security vulnerability
The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High). CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low). More detailed information on each of the vulnerabilities can be foun...