Security update for qatengine, qatlib SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3943-1 Final 1 1 2025-11-05T08:16:20Z current 2025-11-05T08:16:20Z 2025-11-05T08:16:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qatengine, qatlib This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * bsc#1233363 (CVE-2024-28885) * bsc#1233365 (CVE-2024-31074) * bsc#1233366 (CVE-2024-33617) Update to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 Update to 1.5.0: * use new --enable-qat_insecure_algorithms to avoid regressions * improve support for SM{2,3,4} ciphers * improve SW fallback support * many bug fixes, refactorisations and documentation updates qatlib was updated to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues version update to 24.02.0: * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md update to 23.11.0: * use new --enable-legacy-algorithms to avoid regressions * add support for data compression chaining (hash then compress) * add support for additional configuration profiles * add support DC NS (NoSession) APIs * add support DC CompressBound APIs * add Support for Chinese SM{2,3,4} ciphers * bump shared library major to 4 * refactoring, bug fixes and documentation updates The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3943,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3943,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3943,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3943,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3943 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253943-1/ Link for SUSE-SU-2025:3943-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023159.html E-Mail link for SUSE-SU-2025:3943-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233363 SUSE Bug 1233363 https://bugzilla.suse.com/1233365 SUSE Bug 1233365 https://bugzilla.suse.com/1233366 SUSE Bug 1233366 https://www.suse.com/security/cve/CVE-2024-28885/ SUSE CVE CVE-2024-28885 page https://www.suse.com/security/cve/CVE-2024-31074/ SUSE CVE CVE-2024-31074 page https://www.suse.com/security/cve/CVE-2024-33617/ SUSE CVE CVE-2024-33617 page SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5 libqat4-24.09.0-150500.3.3.1 libqatzip3-1.1.0-150500.3.2.1 libusdm0-24.09.0-150500.3.3.1 qatengine-1.7.0-150500.3.3.1 qatlib-24.09.0-150500.3.3.1 qatlib-devel-24.09.0-150500.3.3.1 qatzip-1.1.0-150500.3.2.1 qatzip-devel-1.1.0-150500.3.2.1 libqat4-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libqatzip3-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libusdm0-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS qatengine-1.7.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS qatlib-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS qatlib-devel-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS qatzip-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS qatzip-devel-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libqat4-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libqatzip3-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libusdm0-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS qatengine-1.7.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS qatlib-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS qatlib-devel-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS qatzip-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS qatzip-devel-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libqat4-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libqatzip3-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libusdm0-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS qatengine-1.7.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS qatlib-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS qatlib-devel-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS qatzip-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS qatzip-devel-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libqat4-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libqatzip3-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libusdm0-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 qatengine-1.7.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 qatlib-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 qatlib-devel-24.09.0-150500.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 qatzip-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 qatzip-devel-1.1.0-150500.3.2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. CVE-2024-28885 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatzip-devel-1.1.0-150500.3.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253943-1/ https://www.suse.com/security/cve/CVE-2024-28885.html CVE-2024-28885 https://bugzilla.suse.com/1233363 SUSE Bug 1233363 Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. CVE-2024-31074 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatzip-devel-1.1.0-150500.3.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253943-1/ https://www.suse.com/security/cve/CVE-2024-31074.html CVE-2024-31074 https://bugzilla.suse.com/1233365 SUSE Bug 1233365 Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. CVE-2024-33617 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server 15 SP5-LTSS:qatzip-devel-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libqat4-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libqatzip3-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libusdm0-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatengine-1.7.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatlib-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatlib-devel-24.09.0-150500.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatzip-1.1.0-150500.3.2.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:qatzip-devel-1.1.0-150500.3.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253943-1/ https://www.suse.com/security/cve/CVE-2024-33617.html CVE-2024-33617 https://bugzilla.suse.com/1233366 SUSE Bug 1233366