SUSE-SU-2024:3871-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2023-50782 CVE-2024-41996

Published: 01 Nov 2024, 15:20

Last modified:04 Feb 2026, 03:00

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Nov 2024, 15:20

Published

Vulnerability first disclosed

04 Feb 2026, 03:00

Last Modified

Vulnerability information updated

Description

Security update for openssl-3 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) - CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)

Affected Systems

suse•openssl-3&distro=SUSE Linux Enterprise Micro 5.3
< 3.0.8-150400.4.69.1
suse•openssl-3&distro=SUSE Linux Enterprise Micro 5.4
< 3.0.8-150400.4.69.1
suse•openssl-3&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 3.0.8-150400.4.69.1
suse•openssl-3&distro=SUSE Manager Server 4.3
< 3.0.8-150400.4.69.1

SUSE-SU-2024:3871-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)