48 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2025:1550-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1550-1 advisory. Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with...
SUSE-SU-2025:1516-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks bsc1229465 Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider bsc1221365. - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2024-6119: Fixed denial of service in X.509 name checks bsc1229465 Other fixes: FIPS: Deny SHA-1 signature verification in FIPS provider bsc1221365. FIPS: RSA keygen PCT requirements. FIPS: Check that the fips provider is available before...
USN-7494-5: Linux kernel (Azure FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Netfilter; CVE-2023-52664, CVE-2023-52927...
USN-7461-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - File systems infrastructure; - Ext4 file system; - Network file system NFS server...
gnutls security update
3.6.16-8.3fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 - Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly Orabug: 33200526 - Change Epoch from 1 to 10...
USN-7428-2: Linux kernel (FIPS) vulnerabilities
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...
USN-7392-4: Linux kernel (AWS FIPS) vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system...
USN-7387-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
containernetworking-plugins security update
1:1.5.1-2 - rebuild for CVE-2024-24791 - Resolves: RHEL-47166 1:1.5.1-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.5.1 - Related: RHEL-27608 1:1.5.0-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.5.0 - Related: RHEL-27608 1:1.4.1-1 -...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:3905-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3905-1 advisory. Security fixes: - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Other fixes: - FIPS: AES GC...
The FIPS Compliance of HKDF
HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS (Federal Information Processing Standards) is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...
Provisioning Services Database Unable to Configure
Provisioning Service database cannot be configured. When configuring the SQL server settings, the following error might appear in the Configuration Wizard log located in C:\ProgramData\Citrix\Provisioning Services\Log: 2013-07-29 14:44:37,864 1 INFO ConfigWizard - ConfigureServices: encrypt the...
containernetworking-plugins security and bug fix update
1:1.3.0-4 - add Epoch in Provides - Related: 2176063 1:1.3.0-3 - remove noopenssl for FIPS compliance - Related: 2176063 1:1.3.0-2 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 -...
openssl security and bug fix update
3.0.7-16.0.1 - Replace upstream references Orabug: 34340177 1:3.0.7-16 - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz2211396 1:3.0.7-15.1 - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 paramet...
openssl security and bug fix update
An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transpo...
SUSE-SU-2023:0475-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange bsc1208143. - FIPS: Make the jitterentropy calls thread-safe bsc1208146. - FIPS: GnuTLS DH/ECDH PCT public key regeneration bsc1207183...
SUSE-SU-2023:0310-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF bsc1207536. - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex...
FedRAMP® CSPs face a new challenge meeting FIPS Compliance
The Federal Risk and Authorization Management Program (FedRAMP) requires Cloud Service Providers (CSPs) to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates requires the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is...
Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v2.2 and v9 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSLv3 connections (CVE-2014-3566)
Summary: SSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and...