SUSE-SU-2025:20014-1: important: Security update for openssl-3, libpulp, ulp-macros

SLE-UPDATES null at suse.de
Wed Jun 4 09:23:17 UTC 2025



# Security update for openssl-3, libpulp, ulp-macros

Announcement ID: SUSE-SU-2025:20014-1  
Release Date: 2025-02-03T08:48:39Z  
Rating: important  
References:

  * bsc#1220523
  * bsc#1220690
  * bsc#1220693
  * bsc#1220696
  * bsc#1221365
  * bsc#1221751
  * bsc#1221752
  * bsc#1221753
  * bsc#1221760
  * bsc#1221763
  * bsc#1221786
  * bsc#1221787
  * bsc#1221821
  * bsc#1221822
  * bsc#1221824
  * bsc#1221827
  * bsc#1222548
  * bsc#1222899
  * bsc#1223306
  * bsc#1223336
  * bsc#1223428
  * bsc#1224388
  * bsc#1225291
  * bsc#1225551
  * bsc#1226463
  * bsc#1227138
  * bsc#1229465

  
Cross-References:

  * CVE-2024-2511
  * CVE-2024-4603
  * CVE-2024-4741
  * CVE-2024-5535
  * CVE-2024-6119

  
CVSS scores:

  * CVE-2024-2511 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-2511 ( NVD ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-4603 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-4603 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-4741 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-4741 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-5535 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-6119 ( SUSE ):  8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-6119 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-6119 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-6119 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  
Affected Products:

  * SUSE Linux Micro 6.0

  
  
An update that solves five vulnerabilities and has 22 fixes can now be
installed.

## Description:

This update for openssl-3, libpulp, ulp-macros fixes the following issues:

openssl-3:

  * CVE-2024-6119: possible denial of service in X.509 name checks (bsc#1229465)
  * CVE-2024-5535: SSL_select_next_proto buffer overread (bsc#1227138)
  * CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551)
  * CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
  * CVE-2024-2511: Fix unconstrained session cache growth in TLSv1.3 (bsc#1222548)
  * FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365)
  * FIPS: RSA keygen PCT requirements. (bsc#1221760, bsc#1221753)
  * FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode. (bsc#1220523)
  * FIPS: Port openssl to use jitterentropy (bsc#1220523)
  * FIPS: Block non-Approved Elliptic Curves (bsc#1221786)
  * FIPS: Service Level Indicator (bsc#1221365)
  * FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module. (bsc#1221751)
  * FIPS: Add required selftests (bsc#1221760)
  * FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821)
  * FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827)
  * FIPS: Zeroization is required (bsc#1221752)
  * FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696)
  * FIPS: NIST SP 800-56Brev2 (bsc#1221824)
  * FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787)
  * FIPS: Port openssl to use jitterentropy (bsc#1220523)
  * FIPS: NIST SP 800-56Arev3 (bsc#1221822)
  * FIPS: Error state has to be enforced (bsc#1221753)
  * Build with enabled sm2 and sm4 support (bsc#1222899)
  * Fix non-reproducible build issue
  * Fix HKDF key derivation (bsc#1225291)
  * Enable livepatching support (bsc#1223428)

libpulp:

  * Update package with libpulp-0.3.5:

    * Change .so load policy from lazy to eager.
    * Fix patch of references when mprotect is enabled.
    * Fix transposed calloc arguments.
    * Fix crash of ulp packer on empty lines.
  * Disabled ptrace_scope through aaa_base-enable-ptrace package (bsc#1221763).
  * Update package with libpulp-0.3.4:

    * Add debuginfo into ulp extract.
  * Disabled ptrace_scope when building the package (bsc#1221763).
  * Update package with libpulp-0.3.3:

    * Fixed a race condition when process list is empty.
    * Removed "Unable to get section data" error message (bsc#1223306).
    * Bumped asunsafe_conversion attempts from 100 to 2000.
    * Fixed banner test on clang-18.
    * Check if ptrace_scope is enabled when attempting a ptrace operation (bsc#1221763).
  * Update package with libpulp-0.3.1:

    * Add timestamp information on `ulp patches`.

ulp-macros:

  * Initial release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0  
    zypper in -t patch SUSE-SLE-Micro-6.0-58=1

## Package List:

  * SUSE Linux Micro 6.0 (x86_64)
    * libpulp0-debuginfo-0.3.5-1.1
    * libpulp-tools-debuginfo-0.3.5-1.1
    * libpulp-debugsource-0.3.5-1.1
    * libpulp0-0.3.5-1.1
    * libpulp-tools-0.3.5-1.1
  * SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
    * libopenssl-3-fips-provider-debuginfo-3.1.4-6.1
    * openssl-3-debuginfo-3.1.4-6.1
    * jitterentropy-devel-3.4.1-3.1
    * libopenssl3-3.1.4-6.1
    * openssl-3-debugsource-3.1.4-6.1
    * openssl-3-3.1.4-6.1
    * libopenssl-3-fips-provider-3.1.4-6.1
    * libjitterentropy3-3.4.1-3.1
    * libopenssl-3-devel-3.1.4-6.1
    * libopenssl3-debuginfo-3.1.4-6.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-2511.html
  * https://www.suse.com/security/cve/CVE-2024-4603.html
  * https://www.suse.com/security/cve/CVE-2024-4741.html
  * https://www.suse.com/security/cve/CVE-2024-5535.html
  * https://www.suse.com/security/cve/CVE-2024-6119.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1220523
  * https://bugzilla.suse.com/show_bug.cgi?id=1220690
  * https://bugzilla.suse.com/show_bug.cgi?id=1220693
  * https://bugzilla.suse.com/show_bug.cgi?id=1220696
  * https://bugzilla.suse.com/show_bug.cgi?id=1221365
  * https://bugzilla.suse.com/show_bug.cgi?id=1221751
  * https://bugzilla.suse.com/show_bug.cgi?id=1221752
  * https://bugzilla.suse.com/show_bug.cgi?id=1221753
  * https://bugzilla.suse.com/show_bug.cgi?id=1221760
  * https://bugzilla.suse.com/show_bug.cgi?id=1221763
  * https://bugzilla.suse.com/show_bug.cgi?id=1221786
  * https://bugzilla.suse.com/show_bug.cgi?id=1221787
  * https://bugzilla.suse.com/show_bug.cgi?id=1221821
  * https://bugzilla.suse.com/show_bug.cgi?id=1221822
  * https://bugzilla.suse.com/show_bug.cgi?id=1221824
  * https://bugzilla.suse.com/show_bug.cgi?id=1221827
  * https://bugzilla.suse.com/show_bug.cgi?id=1222548
  * https://bugzilla.suse.com/show_bug.cgi?id=1222899
  * https://bugzilla.suse.com/show_bug.cgi?id=1223306
  * https://bugzilla.suse.com/show_bug.cgi?id=1223336
  * https://bugzilla.suse.com/show_bug.cgi?id=1223428
  * https://bugzilla.suse.com/show_bug.cgi?id=1224388
  * https://bugzilla.suse.com/show_bug.cgi?id=1225291
  * https://bugzilla.suse.com/show_bug.cgi?id=1225551
  * https://bugzilla.suse.com/show_bug.cgi?id=1226463
  * https://bugzilla.suse.com/show_bug.cgi?id=1227138
  * https://bugzilla.suse.com/show_bug.cgi?id=1229465
