{"schema_version":"1.7.2","id":"OESA-2023-1481","modified":"2023-08-12T11:05:38Z","published":"2023-08-12T11:05:38Z","upstream":["CVE-2023-3817"],"summary":"openssl security update","details":"OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \u0026quot;-check\u0026quot; option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3817)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"openssl","purl":"pkg:rpm/openEuler/openssl\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1f-27.oe1"}]}],"ecosystem_specific":{"aarch64":["openssl-debugsource-1.1.1f-27.oe1.aarch64.rpm","openssl-devel-1.1.1f-27.oe1.aarch64.rpm","openssl-1.1.1f-27.oe1.aarch64.rpm","openssl-debuginfo-1.1.1f-27.oe1.aarch64.rpm","openssl-libs-1.1.1f-27.oe1.aarch64.rpm"],"noarch":["openssl-help-1.1.1f-27.oe1.noarch.rpm"],"src":["openssl-1.1.1f-27.oe1.src.rpm"],"x86_64":["openssl-1.1.1f-27.oe1.x86_64.rpm","openssl-devel-1.1.1f-27.oe1.x86_64.rpm","openssl-libs-1.1.1f-27.oe1.x86_64.rpm","openssl-debuginfo-1.1.1f-27.oe1.x86_64.rpm","openssl-debugsource-1.1.1f-27.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"openssl","purl":"pkg:rpm/openEuler/openssl\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1f-27.oe1"}]}],"ecosystem_specific":{"aarch64":["openssl-debugsource-1.1.1f-27.oe1.aarch64.rpm","openssl-debuginfo-1.1.1f-27.oe1.aarch64.rpm","openssl-libs-1.1.1f-27.oe1.aarch64.rpm","openssl-1.1.1f-27.oe1.aarch64.rpm","openssl-devel-1.1.1f-27.oe1.aarch64.rpm"],"noarch":["openssl-help-1.1.1f-27.oe1.noarch.rpm"],"src":["openssl-1.1.1f-27.oe1.src.rpm"],"x86_64":["openssl-devel-1.1.1f-27.oe1.x86_64.rpm","openssl-debugsource-1.1.1f-27.oe1.x86_64.rpm","openssl-debuginfo-1.1.1f-27.oe1.x86_64.rpm","openssl-1.1.1f-27.oe1.x86_64.rpm","openssl-libs-1.1.1f-27.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"openssl","purl":"pkg:rpm/openEuler/openssl\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1m-22.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["openssl-1.1.1m-22.oe2203.aarch64.rpm","openssl-debugsource-1.1.1m-22.oe2203.aarch64.rpm","openssl-libs-1.1.1m-22.oe2203.aarch64.rpm","openssl-perl-1.1.1m-22.oe2203.aarch64.rpm","openssl-debuginfo-1.1.1m-22.oe2203.aarch64.rpm","openssl-devel-1.1.1m-22.oe2203.aarch64.rpm","openssl-libs-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-perl-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-debuginfo-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-debugsource-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-devel-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-devel-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-debugsource-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-libs-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-debuginfo-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-perl-1.1.1m-22.oe2203sp2.aarch64.rpm"],"noarch":["openssl-help-1.1.1m-22.oe2203.noarch.rpm","openssl-help-1.1.1m-25.oe2203sp1.noarch.rpm","openssl-help-1.1.1m-22.oe2203sp2.noarch.rpm"],"src":["openssl-1.1.1m-22.oe2203.src.rpm","openssl-1.1.1m-25.oe2203sp1.src.rpm","openssl-1.1.1m-22.oe2203sp2.src.rpm"],"x86_64":["openssl-debugsource-1.1.1m-22.oe2203.x86_64.rpm","openssl-debuginfo-1.1.1m-22.oe2203.x86_64.rpm","openssl-1.1.1m-22.oe2203.x86_64.rpm","openssl-devel-1.1.1m-22.oe2203.x86_64.rpm","openssl-libs-1.1.1m-22.oe2203.x86_64.rpm","openssl-perl-1.1.1m-22.oe2203.x86_64.rpm","openssl-debuginfo-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-debugsource-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-libs-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-perl-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-devel-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-debuginfo-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-devel-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-debugsource-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-perl-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-libs-1.1.1m-22.oe2203sp2.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"openssl","purl":"pkg:rpm/openEuler/openssl\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1m-25.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["openssl-libs-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-perl-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-debuginfo-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-debugsource-1.1.1m-25.oe2203sp1.aarch64.rpm","openssl-devel-1.1.1m-25.oe2203sp1.aarch64.rpm"],"noarch":["openssl-help-1.1.1m-25.oe2203sp1.noarch.rpm"],"src":["openssl-1.1.1m-25.oe2203sp1.src.rpm"],"x86_64":["openssl-debuginfo-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-debugsource-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-libs-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-perl-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-devel-1.1.1m-25.oe2203sp1.x86_64.rpm","openssl-1.1.1m-25.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"openssl","purl":"pkg:rpm/openEuler/openssl\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1m-22.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["openssl-devel-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-debugsource-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-libs-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-debuginfo-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-1.1.1m-22.oe2203sp2.aarch64.rpm","openssl-perl-1.1.1m-22.oe2203sp2.aarch64.rpm"],"noarch":["openssl-help-1.1.1m-22.oe2203sp2.noarch.rpm"],"src":["openssl-1.1.1m-22.oe2203sp2.src.rpm"],"x86_64":["openssl-debuginfo-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-devel-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-debugsource-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-perl-1.1.1m-22.oe2203sp2.x86_64.rpm","openssl-libs-1.1.1m-22.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1481"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3817"}],"database_specific":{"severity":"Medium"}}