libopenssl-3-devel-3.1.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13097 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libopenssl-3-devel-3.1.2-1.1 on GA media These are all security issues fixed in the libopenssl-3-devel-3.1.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13097 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13097 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-3817/ SUSE CVE CVE-2023-3817 page openSUSE Tumbleweed libopenssl-3-devel-3.1.2-1.1 libopenssl-3-devel-32bit-3.1.2-1.1 libopenssl3-3.1.2-1.1 libopenssl3-32bit-3.1.2-1.1 libopenssl3-x86-64-v3-3.1.2-1.1 openssl-3-3.1.2-1.1 openssl-3-doc-3.1.2-1.1 libopenssl-3-devel-3.1.2-1.1 as a component of openSUSE Tumbleweed libopenssl-3-devel-32bit-3.1.2-1.1 as a component of openSUSE Tumbleweed libopenssl3-3.1.2-1.1 as a component of openSUSE Tumbleweed libopenssl3-32bit-3.1.2-1.1 as a component of openSUSE Tumbleweed libopenssl3-x86-64-v3-3.1.2-1.1 as a component of openSUSE Tumbleweed openssl-3-3.1.2-1.1 as a component of openSUSE Tumbleweed openssl-3-doc-3.1.2-1.1 as a component of openSUSE Tumbleweed Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. CVE-2023-3817 openSUSE Tumbleweed:libopenssl-3-devel-3.1.2-1.1 openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.2-1.1 openSUSE Tumbleweed:libopenssl3-3.1.2-1.1 openSUSE Tumbleweed:libopenssl3-32bit-3.1.2-1.1 openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.2-1.1 openSUSE Tumbleweed:openssl-3-3.1.2-1.1 openSUSE Tumbleweed:openssl-3-doc-3.1.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-3817.html CVE-2023-3817 https://bugzilla.suse.com/1213853 SUSE Bug 1213853 https://bugzilla.suse.com/1216922 SUSE Bug 1216922