File _patchinfo of Package patchinfo.34167

<patchinfo incident="34167">
  <issue tracker="bnc" id="1223428">SUSE:SLE-15-SP6:GA openssl-3 not livepatch enabled</issue>
  <issue tracker="bnc" id="1225291">NVMe/TCP TLS connection fails due to handshake failure</issue>
  <issue tracker="bnc" id="1224388">VUL-0: CVE-2024-4603: openssl-3: excessive time spent checking DSA keys and parameters</issue>
  <issue tracker="bnc" id="1225551">VUL-0: CVE-2024-4741: openssl-1_1,openssl-3: Use After Free with SSL_free_buffers</issue>
  <issue tracker="cve" id="2024-4603"/>
  <issue tracker="cve" id="2024-4741"/>
  <packager>gbelinassi</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for openssl-3</summary>
  <description>This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456)
</description>
</patchinfo>