Critical OpenSSL-3 update patches CVE-2024-6119 (CVSS 8.2) & 15 FIPS fixes for SUSE Linux Enterprise 15 SP7. Learn how to secure your systems against DoS attacks and maintain FIPS compliance with this essential patch.
Key Security Vulnerabilities Patched
SUSE has released a crucial security update for OpenSSL-3, addressing 16 vulnerabilities, including a high-risk denial-of-service (DoS) flaw (CVE-2024-6119) with a CVSS score of 8.2. This update is essential for enterprises relying on FIPS-compliant encryption and secure X.509 certificate validation.
Critical Fixes Included:
✔ CVE-2024-6119: DoS vulnerability in X.509 name checks
✔ FIPS Compliance Enhancements:
  SHA-1 signature verification blocked in FIPS mode
  RSA keygen PCT (pairwise consistency test) requirements enforced
  NIST SP 800-56B Rev. 2 and SP 800-56A Rev. 3 compliance
  Zero-initialization and DRBG reseeding fixes
  Approved modulus sizes for RSA digital signatures
Why This Update Matters for Enterprises
OpenSSL is the backbone of secure communications, impacting TLS/SSL encryption, VPNs, and authentication systems. Unpatched systems risk:
Service disruptions from DoS attacks
Non-compliance with FIPS 140-2/3 standards
Increased attack surface for threat actors
How to Apply the Patch
Recommended Methods:
YaST Online Update
Zypper Patch Command:
zypper in -t patch SUSE-SLE-Module-Certifications-15-SP7-2025-1516=1
Affected Packages:
openssl-3-debugsource
libopenssl-3-fips-provider
FAQs
Q: Is this update mandatory for compliance?
A: Yes, especially for government, healthcare, and financial sectors requiring FIPS validation.
Q: What happens if I delay patching?
A: Systems remain vulnerable to certificate spoofing and service crashes.
Q: Are there performance impacts?
A: Minimal—optimizations like jitterentropy integration improve cryptographic randomness.
