SUSE-SU-2024:3525-1
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 04 Oct 2024, 13:21
Last modified:04 Feb 2026, 02:46
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
04 Oct 2024, 13:21
Published
Vulnerability first disclosed
04 Feb 2026, 02:46
Last Modified
Vulnerability information updated
Description
Security update for openssl-3 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
Affected Systems
- suse•openssl-3&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Linux Enterprise Micro 5.3
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Linux Enterprise Micro 5.4
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Manager Proxy 4.3
< 3.0.8-150400.4.66.1
- suse•openssl-3&distro=SUSE Manager Server 4.3
< 3.0.8-150400.4.66.1