Security update for openssl-1_0_0 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0814-1 Final 1 1 2024-03-08T08:31:53Z current 2024-03-08T08:31:53Z 2024-03-08T08:31:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssl-1_0_0 This update for openssl-1_0_0 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle12.5/sles12sp5:latest-2024-814,Container suse/sles12sp5:latest-2024-814,Image SLES12-SP5-Azure-BYOS-2024-814,Image SLES12-SP5-Azure-Basic-On-Demand-2024-814,Image SLES12-SP5-Azure-HPC-BYOS-2024-814,Image SLES12-SP5-Azure-HPC-On-Demand-2024-814,Image SLES12-SP5-Azure-SAP-BYOS-2024-814,Image SLES12-SP5-Azure-SAP-On-Demand-2024-814,Image SLES12-SP5-Azure-Standard-On-Demand-2024-814,Image SLES12-SP5-EC2-BYOS-2024-814,Image SLES12-SP5-EC2-ECS-On-Demand-2024-814,Image SLES12-SP5-EC2-On-Demand-2024-814,Image SLES12-SP5-EC2-SAP-BYOS-2024-814,Image SLES12-SP5-EC2-SAP-On-Demand-2024-814,Image SLES12-SP5-GCE-BYOS-2024-814,Image SLES12-SP5-GCE-On-Demand-2024-814,Image SLES12-SP5-GCE-SAP-BYOS-2024-814,Image SLES12-SP5-GCE-SAP-On-Demand-2024-814,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-814,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-814,SUSE-2024-814,SUSE-SLE-SDK-12-SP5-2024-814,SUSE-SLE-SERVER-12-SP5-2024-814 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240814-1/ Link for SUSE-SU-2024:0814-1 https://lists.suse.com/pipermail/sle-security-updates/2024-March/018132.html E-Mail link for SUSE-SU-2024:0814-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1219243 SUSE Bug 1219243 https://www.suse.com/security/cve/CVE-2024-0727/ SUSE CVE CVE-2024-0727 page Container suse/ltss/sle12.5/sles12sp5:latest Container suse/sles12sp5:latest Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libopenssl1_0_0-1.0.2p-3.90.1 openssl-1_0_0-1.0.2p-3.90.1 libopenssl1_0_0-hmac-1.0.2p-3.90.1 libopenssl1_0_0-32bit-1.0.2p-3.90.1 libopenssl-1_0_0-devel-1.0.2p-3.90.1 libopenssl-1_0_0-devel-32bit-1.0.2p-3.90.1 libopenssl-1_0_0-devel-64bit-1.0.2p-3.90.1 libopenssl1_0_0-64bit-1.0.2p-3.90.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1 libopenssl1_0_0-hmac-64bit-1.0.2p-3.90.1 openssl-1_0_0-doc-1.0.2p-3.90.1 libopenssl1_0_0-1.0.2p-3.90.1 as a component of Container suse/ltss/sle12.5/sles12sp5:latest openssl-1_0_0-1.0.2p-3.90.1 as a component of Container suse/ltss/sle12.5/sles12sp5:latest libopenssl1_0_0-1.0.2p-3.90.1 as a component of Container suse/sles12sp5:latest libopenssl1_0_0-hmac-1.0.2p-3.90.1 as a component of Container suse/sles12sp5:latest openssl-1_0_0-1.0.2p-3.90.1 as a component of Container suse/sles12sp5:latest libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libopenssl1_0_0-32bit-1.0.2p-3.90.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libopenssl1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libopenssl1_0_0-32bit-1.0.2p-3.90.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production openssl-1_0_0-1.0.2p-3.90.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libopenssl-1_0_0-devel-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 libopenssl1_0_0-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 libopenssl1_0_0-32bit-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 libopenssl1_0_0-hmac-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 openssl-1_0_0-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 openssl-1_0_0-doc-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server 12 SP5 libopenssl-1_0_0-devel-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libopenssl1_0_0-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libopenssl1_0_0-32bit-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libopenssl1_0_0-hmac-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openssl-1_0_0-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 openssl-1_0_0-doc-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libopenssl-1_0_0-devel-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libopenssl-1_0_0-devel-32bit-1.0.2p-3.90.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. CVE-2024-0727 Container suse/ltss/sle12.5/sles12sp5:latest:libopenssl1_0_0-1.0.2p-3.90.1 Container suse/ltss/sle12.5/sles12sp5:latest:openssl-1_0_0-1.0.2p-3.90.1 Container suse/sles12sp5:latest:libopenssl1_0_0-1.0.2p-3.90.1 Container suse/sles12sp5:latest:libopenssl1_0_0-hmac-1.0.2p-3.90.1 Container suse/sles12sp5:latest:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-Basic-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-Basic-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-HPC-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-HPC-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-HPC-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-HPC-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-SAP-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-SAP-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-SAP-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-SAP-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-Standard-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-Azure-Standard-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-ECS-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-ECS-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-SAP-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-SAP-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-SAP-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-EC2-SAP-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-SAP-BYOS:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-SAP-BYOS:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-SAP-On-Demand:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-GCE-SAP-On-Demand:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libopenssl1_0_0-32bit-1.0.2p-3.90.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:openssl-1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libopenssl1_0_0-1.0.2p-3.90.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libopenssl1_0_0-32bit-1.0.2p-3.90.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:openssl-1_0_0-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:libopenssl-1_0_0-devel-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:libopenssl1_0_0-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:libopenssl1_0_0-32bit-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:libopenssl1_0_0-hmac-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:openssl-1_0_0-1.0.2p-3.90.1 SUSE Linux Enterprise Server 12 SP5:openssl-1_0_0-doc-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl-1_0_0-devel-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_0_0-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_0_0-32bit-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_0_0-hmac-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_0_0-hmac-32bit-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_0_0-1.0.2p-3.90.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_0_0-doc-1.0.2p-3.90.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_0_0-devel-1.0.2p-3.90.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_0_0-devel-32bit-1.0.2p-3.90.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240814-1/ https://www.suse.com/security/cve/CVE-2024-0727.html CVE-2024-0727 https://bugzilla.suse.com/1219243 SUSE Bug 1219243