OpenSSL has issued an advisory on September 3: https://openssl-library.org/news/secadv/20240903.txt
CVE: (none) => CVE-2024-6119
Status comment: (none) => Fixed upstream in 3.3.2 and 3.0.15
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => openssl-3.3.1-1.mga10.src.rpm, openssl-3.0.14-1.mga9.src.rpm
You already pushed the fixed packages to cauldron and 9 updates_testing, thanks :-) Assigning to you for the Advisory
Version: Cauldron => 9
URL: (none) => https://openssl-library.org/news/secadv/20240903.txt
CC: (none) => marja11
Whiteboard: MGA9TOO => (none)
(In reply to Marja Van Waes from comment #1)
> You already pushed the fixed packages to cauldron and 9 updates_testing,
> thanks :-)
>
> Assigning to you for the Advisory
Now really assigning
Assignee: bugsquad => nicolas.salguero
Suggested advisory:
========================
The updated packages fix a security vulnerability:
Possible denial of service in X.509 name checks. (CVE-2024-6119)
References:
https://openssl-library.org/news/secadv/20240903.txt
========================
Updated packages in core/updates_testing:
========================
lib(64)openssl3-3.0.15-1.mga9
lib(64)openssl-devel-3.0.15-1.mga9
lib(64)openssl-static-devel-3.0.15-1.mga9
openssl-3.0.15-1.mga9
openssl-perl-3.0.15-1.mga9
from SRPM:
openssl-3.0.15-1.mga9.src.rpm
Status comment: Fixed upstream in 3.3.2 and 3.0.15 => (none)
Source RPM: openssl-3.3.1-1.mga10.src.rpm, openssl-3.0.14-1.mga9.src.rpm => openssl-3.0.14-1.mga9.src.rpm
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
Keywords: (none) => advisory
Installed and tested without issues.
Tested:
- apache's mod_ssl;
- dovecot;
- samba;
- certbot;
- curl, wget, aria2c;
- openssl create RSA self-signed certificate;
- openssl s_server and s_client.
All OK.
System: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.
$ uname -a
Linux marte 6.6.43-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Jul 27 17:18:39 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep openssl.*3.0.15 | sort
lib64openssl3-3.0.15-1.mga9
lib64openssl-devel-3.0.15-1.mga9
openssl-3.0.15-1.mga9
CC: (none) => mageia
Installed and tested without issues.
After a day of workstation usage, no regressions or issues found.
All OK.
System: Mageia 9, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
$ uname -a
Linux jupiter 6.6.43-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Jul 27 17:18:39 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep openssl.*3.0.15 | sort
lib64openssl3-3.0.15-1.mga9
lib64openssl-devel-3.0.15-1.mga9
libopenssl3-3.0.15-1.mga9
openssl-3.0.15-1.mga9
MGA9-64 server Plasma Wayland on HP-Pavilion
No installation issues.
Testing following the wiki
$ openssl version
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)
$ openssl version -a
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)
built on: Fri Sep 6 12:48:59 2024 UTC
platform: linux-x86_64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-3"
MODULESDIR: "/usr/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x43d8e3bfefebffff:0x2282
$ openssl ciphers -v
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
etc......
lists of specific ciphers also OK.
Speed test and connection test, all work OK.
After all others tested OK, above, good to go.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0291.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED