5 matches found
MGASA-2023-0273 Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...
MGASA-2023-0253 Updated openssl packages fix security vulnerability
AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...
SUSE-SU-2023:3013-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries bsc1213383. - CVE-2023-3446: Fixed DHcheck excessive time with over sized modulus bsc1213487...
SUSE-SU-2023:3011-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries bsc1213383. - CVE-2023-3446: Fixed DHcheck excessive time with over sized modulus bsc1213487...
CVE-2023-2975 AES-SIV implementation ignores empty associated data entries
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...