[CLSA-2024:1718291413] openssl: Fix of 6 CVEs
Type:
security
Severity:
Moderate
Release date:
2024-06-13 15:10:17 UTC
Description:
- CVE-2024-0727: Fix NULL pointer dereference in processing PKCS12 files, preventing potential DoS attack
- CVE-2023-6129: Fix POLY1305 MAC implementation bug that corrupts internal state on PowerPC CPUs with vector instructions
- CVE-2023-5678: Fix issue with excessively long X9.42 DH keys or parameters causing long delays and potential DoS by adding checks in DH_generate_key() and DH_check_pub_key() functions
- CVE-2023-3817: Fix excessively long DH key or parameters check causing potential Denial of Service by preventing unnecessary checks if q is larger than p
- CVE-2023-3446: Fix issue of excessively long DH keys or parameters causing slow checks, leading to potential Denial of Service. Added additional checks to prevent DoS vulnerability in DH_check(), DH_check_ex(), and EVP_PKEY_param_check() functions
- CVE-2023-2975: Fix issue with AES-SIV cipher ignoring empty associated data entries by performing authentication operation for empty data during EVP_EncryptUpdate()
Updated packages:
  • openssl-3.0.7-17.el9_2.tuxcare.els2.x86_64.rpm
    sha:ad4a0ce9be95b2bf4e4f49d706aeb95633b57bf2
  • openssl-devel-3.0.7-17.el9_2.tuxcare.els2.i686.rpm
    sha:daf80fa45f430e6ca42978758abad523d6ccfd92
  • openssl-devel-3.0.7-17.el9_2.tuxcare.els2.x86_64.rpm
    sha:33938c78980ad74e3b9d526c08f12ca4f875735e
  • openssl-libs-3.0.7-17.el9_2.tuxcare.els2.i686.rpm
    sha:c20661d12ce8a35ac238de2b3f12b2d6b8bd63f8
  • openssl-libs-3.0.7-17.el9_2.tuxcare.els2.x86_64.rpm
    sha:b2aca3790fa42edca438b6b101f3e475ab3c1b68
  • openssl-perl-3.0.7-17.el9_2.tuxcare.els2.x86_64.rpm
    sha:777833a4589273857e657e917e8cdd0324aad1fa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.