{"affected":[{"ecosystem_specific":{"binaries":[{"jitterentropy-devel":"3.4.1-3.1","libjitterentropy3":"3.4.1-3.1","libopenssl-3-devel":"3.1.4-6.1","libopenssl-3-fips-provider":"3.1.4-6.1","libopenssl3":"3.1.4-6.1","libpulp-tools":"0.3.5-1.1","libpulp0":"0.3.5-1.1","openssl-3":"3.1.4-6.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"jitterentropy","purl":"pkg:rpm/suse/jitterentropy&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.1-3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jitterentropy-devel":"3.4.1-3.1","libjitterentropy3":"3.4.1-3.1","libopenssl-3-devel":"3.1.4-6.1","libopenssl-3-fips-provider":"3.1.4-6.1","libopenssl3":"3.1.4-6.1","libpulp-tools":"0.3.5-1.1","libpulp0":"0.3.5-1.1","openssl-3":"3.1.4-6.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"libpulp","purl":"pkg:rpm/suse/libpulp&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.5-1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jitterentropy-devel":"3.4.1-3.1","libjitterentropy3":"3.4.1-3.1","libopenssl-3-devel":"3.1.4-6.1","libopenssl-3-fips-provider":"3.1.4-6.1","libopenssl3":"3.1.4-6.1","libpulp-tools":"0.3.5-1.1","libpulp0":"0.3.5-1.1","openssl-3":"3.1.4-6.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"openssl-3","purl":"pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.4-6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openssl-3, libpulp, ulp-macros fixes the following issues:\n\nopenssl-3:\n  - CVE-2024-6119: possible denial of service in X.509 name checks (bsc#1229465)\n  - CVE-2024-5535: SSL_select_next_proto buffer overread (bsc#1227138)\n  - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551)\n  - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)\n  - CVE-2024-2511: Fix unconstrained session cache growth in TLSv1.3 (bsc#1222548)\n  - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365)\n  - FIPS: RSA keygen PCT requirements. (bsc#1221760, bsc#1221753)\n  - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode. (bsc#1220523)\n  - FIPS: Port openssl to use jitterentropy (bsc#1220523)\n  - FIPS: Block non-Approved Elliptic Curves (bsc#1221786)\n  - FIPS: Service Level Indicator (bsc#1221365)\n  - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module. (bsc#1221751)\n  - FIPS: Add required selftests (bsc#1221760)\n  - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821)\n  - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827)\n  - FIPS: Zeroization is required (bsc#1221752)\n  - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696)\n  - FIPS: NIST SP 800-56Brev2 (bsc#1221824)\n  - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787)\n  - FIPS: Port openssl to use jitterentropy (bsc#1220523)\n  - FIPS: NIST SP 800-56Arev3 (bsc#1221822)\n  - FIPS: Error state has to be enforced (bsc#1221753)\n  - Build with enabled sm2 and sm4 support (bsc#1222899)\n  - fix non-reproducible build issue\n  - Fix HDKF key derivation (bsc#1225291)\n  - Enable livepatching support (bsc#1223428)\n\nlibpulp:\n  - Update package with libpulp-0.3.5\n    * Change .so load policy from lazy to eager.\n    * Fix patch of references when mprotect is enabled.\n    * Fix tramposed calloc arguments.\n    * Fix crash of ulp packer on empty lines.\n\n  - Disabled ptrace_scope through aaa_base-enable-ptrace package (bsc#1221763).\n  - Update package with libpulp-0.3.4:\n    * Add debuginfo into ulp extract.\n\n  - Disabled ptrace_scope when building the package (bsc#1221763).\n  - Update package with libpulp-0.3.3:\n    * Fixed a race condition when process list is empty.\n    * Removed \"Unable to get section data\" error message (bsc#1223306).\n    * Bumped asunsafe_conversion attempts from 100 to 2000.\n    * Fixed banner test on clang-18.\n    * Check if ptrace_scope is enabled when attempting a ptrace operation (bsc#1221763).\n\n  - Update package with libpulp-0.3.1:\n    * Add timestamp information on `ulp patches`.\n\nulp-macros:\n  - Initial release.\n","id":"SUSE-SU-2025:20014-1","modified":"2025-02-03T08:48:16Z","published":"2025-02-03T08:48:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520014-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220523"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220693"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220696"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221365"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221751"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221752"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221753"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221760"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221763"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221786"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221787"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221822"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221824"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221827"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222548"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223306"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223336"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223428"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224388"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225291"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225551"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227138"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229465"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-2511"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-4603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-4741"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6119"}],"related":["CVE-2024-2511","CVE-2024-4603","CVE-2024-4741","CVE-2024-5535","CVE-2024-6119"],"summary":"Security update for openssl-3, libpulp, ulp-macros","upstream":["CVE-2024-2511","CVE-2024-4603","CVE-2024-4741","CVE-2024-5535","CVE-2024-6119"]}