Overview

File _patchinfo of Package patchinfo.29844

<patchinfo incident="29844">
  <issue tracker="bnc" id="1213383">VUL-0: CVE-2023-2975: openssl-3: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries</issue>
  <issue tracker="bnc" id="1213487">VUL-0: CVE-2023-3446: openssl-1_1,openssl1,openssl-3,openssl-1_0_0: Excessive time spent checking DH keys and parameters </issue>
  <issue tracker="cve" id="2023-2975"/>
  <issue tracker="cve" id="2023-3446"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for openssl-3</summary>
  <description>This update for openssl-3 fixes the following issues:

- CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places