
Red Hat alert RHSA-2024:0208-01 (openssl)

An update for openssl is now available for Red Hat Enterprise Linux 8.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* openssl: Excessive time spent checking DH keys and parameters
(CVE-2023-3446)

* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)

* openssl: Generating excessively long X9.42 DH keys or checking excessively
long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* openssl: Excessive time spent checking DH q parameter value
(JIRA:RHEL-14237)

* openssl: Excessive time spent checking DH keys and parameters
(JIRA:RHEL-14243)

* openssl: Generating excessively long X9.42 DH keys or checking excessively
long X9.42 DH keys or parameters may be very slow (JIRA:RHEL-16536)

This content is licensed under the Creative Commons Attribution 4.0
International License (https://creativecommons.org/licenses/by/4.0/). If you
distribute this content, or a modified version of it, you must provide
attribution to Red Hat Inc. and provide a link to the original.

Original: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0208.json




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds