CLSA-2024-1718291413
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2024-1718291413.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2024-1718291413
- Upstream
- Published
- 2024-06-13T15:10:17Z
- Modified
- 2026-05-27T11:33:01.050644656Z
- Summary
- openssl: Fix of 6 CVEs
- Details
-
- CVE-2024-0727: Fix NULL pointer dereference in processing PKCS12 files, preventing potential DoS attack
- CVE-2023-6129: Fix POLY1305 MAC implementation bug that corrupts internal state on PowerPC CPUs with vector instructions
- CVE-2023-5678: Fix issue with excessively long X9.42 DH keys or parameters causing long delays and potential DoS by adding checks in DHgeneratekey() and DHcheckpub_key() functions
- CVE-2023-3817: Fix excessively long DH key or parameters check causing potential Denial of Service by preventing unnecessary checks if q is larger than p
- CVE-2023-3446: Fix issue of excessively long DH keys or parameters causing slow checks, leading to potential Denial of Service. Added additional checks to prevent DoS vulnerability in DHcheck(), DHcheckex(), and EVPPKEYparamcheck() functions
- CVE-2023-2975: Fix issue with AES-SIV cipher ignoring empty associated data entries by performing authentication operation for empty data during EVP_EncryptUpdate()
- References
Affected packages
TuxCare:AlmaLinux:9.2 / openssl
Package
- Name
- openssl
- Purl
- pkg:rpm/tuxcare/openssl?distro=almalinux-9.2
TuxCare:AlmaLinux:9.2 / openssl-devel
Package
- Name
- openssl-devel
- Purl
- pkg:rpm/tuxcare/openssl-devel?distro=almalinux-9.2
TuxCare:AlmaLinux:9.2 / openssl-libs
Package
- Name
- openssl-libs
- Purl
- pkg:rpm/tuxcare/openssl-libs?distro=almalinux-9.2