- openssl-3.0.7-24.el9 ()
- 3.0.7-28.el9_4
- 2024-09-25 16:30:08
- CVE CVE-2023-2975, CVSSv2 Score: 5.3
- Description:
AES-SIV implementation ignores empty associated data entries
- Patch: openssl/3.0.7/CVE-2023-2975.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Excessive time spent checking DH keys and parameters
- Patch: openssl/3.0.7/CVE-2023-3446.patch
- CVE CVE-2023-3817, CVSSv2 Score: 5.3
- Description:
Excessive time spent checking DH q parameter value
- Patch: openssl/3.0.7/CVE-2023-3817.patch
- CVE CVE-2023-5363, CVSSv2 Score: 7.5
- Description:
Fix incorrect cipher key and IV length processing
- Patch: openssl/3.0.7/CVE-2023-5363.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
Excessive time spent in DH check / generation with large Q parameter value
- Patch: openssl/3.0.7/CVE-2023-5678.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/3.0.2/CVE-2023-5678-adapt.patch
- CVE CVE-2023-6129, CVSSv2 Score: 6.5
- Description:
POLY1305 MAC implementation corrupts vector registers on PowerPC
- Patch: openssl/3.0.7/CVE-2023-6129.patch
- CVE CVE-2023-6237, CVSSv2 Score: 5.9
- Description:
Excessive time spent checking invalid RSA public keys
- Patch: openssl/3.0.7/CVE-2023-6237.patch
- CVE CVE-2024-0727, CVSSv2 Score: 5.5
- Description:
PKCS12 Decoding crashes
- Patch: openssl/3.0.7/CVE-2024-0727.patch
- CVE CVE-2024-6119, CVSSv2 Score: 5.9
- Description:
Possible denial of service in X.509 name checks
- Patch: openssl/3.0.7/0136-CVE-2024-6119.patch