Overview

File _patchinfo of Package patchinfo.31276

<patchinfo incident="31276">
  <issue tracker="bnc" id="1194187">openssl  broken</issue>
  <issue tracker="bnc" id="1207472">SLES 15 SP4 - openssl-3 : segmentation faults seen for different commands when ibmca engine is configured into /etc/ssl/openssl3.cnf</issue>
  <issue tracker="bnc" id="1216922">VUL-0: CVE-2023-5678: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow</issue>
  <issue tracker="cve" id="2023-5678"/>
  <packager>ohollmann</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for openssl-3</summary>
  <description>This update for openssl-3 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

Bug fixes:

- The default /etc/ssl/openssl3.cnf file will include any configuration
  files that other packages might place into /etc/ssl/engines3.d/ and
  /etc/ssl/engdef3.d/.
- Create the two new necessary directores for the above
  patch. [bsc#1194187, bsc#1207472]
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places