RHSA-2024:2447 -- Redhat opensslID: oval:org.secpod.oval:def:509252 | Date: (C)2024-05-16 (M)2024-05-16 |
Class: PATCH | Family: unix |
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries openssl: Excessive time spent checking DH keys and parameters OpenSSL: Excessive time spent checking DH q parameter value openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC openssl: Excessive time spent checking invalid RSA public keys openssl: denial of service via null dereference For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 9 |