SUSE-SU-2023:0312-1 -- SLES openssl-3, libopenssl-3-devel, libopenssl3ID: oval:org.secpod.oval:def:89048223 | Date: (C)2023-02-10 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address . - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification . - CVE-2023-0217: Fixed NULL pointer dereference validating DSA public key . - CVE-2023-0216: Fixed invalid pointer dereference in d2i_PKCS7 functions . - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF . - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex . - CVE-2022-4304: Fixed timing Oracle in RSA Decryption . - CVE-2022-4203: Fixed read Buffer Overflow with X.509 Name Constraints . Non-security fixes: - Fix SHA, SHAKE, KECCAK ASM and EC ASM flag passing . - Enable zlib compression support . - Add crypto-policies dependency.
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Server 15 SP4 |
Product: |
openssl-3 |
libopenssl-3-devel |
libopenssl3 |