CVE-2024-4603:

Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The above is fixed in the following commits:

3.3: https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e
3.2: https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740
3.1: https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d
3.0: https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397

Upstream considers this to be of low severity, so they will not be publishing a new release.
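For the untrusted-source case in the description above, a caller can reject oversized DSA parameters before the expensive check ever runs. This is an added example, not code from OpenSSL or from this bug report: it reads only the integer sizes out of DER-encoded DSA parameters (a SEQUENCE of p, q, g). The function names are hypothetical, and the 10000-bit ceiling is OpenSSL's OPENSSL_DSA_MAX_MODULUS_BITS constant, which this page does not state.

```python
MAX_P_BITS = 10000  # OPENSSL_DSA_MAX_MODULUS_BITS from OpenSSL's dsa.h; not given on this page

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def dsa_param_bits(der):
    """Bit lengths of (p, q, g) in a DER SEQUENCE of three INTEGERs."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE covering the whole input")
    bits, pos = [], 0
    for _ in range(3):
        tag, value, pos = _read_tlv(body, pos)
        if tag != 0x02 or not value or value[0] & 0x80:
            raise ValueError("expected a non-negative INTEGER")
        bits.append(int.from_bytes(value, "big").bit_length())
    if pos != len(body):
        raise ValueError("trailing data after g")
    return tuple(bits)

def screen_dsa_params(der, max_p_bits=MAX_P_BITS):
    """True only if the input parses and p is small enough for the costly check."""
    try:
        p_bits, _, _ = dsa_param_bits(der)
    except ValueError:
        return False
    return 0 < p_bits <= max_p_bits

def make_params(p, q, g):
    """Constructed sample input: only the sizes matter, the values are not valid DSA parameters."""
    def enc(tag, val):  # two-byte long-form length is enough for these samples
        n = len(val)
        return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")) + val
    return enc(0x30, b"".join(enc(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, q, g)))
```

Input that passes the screen still has to go through the normal parameter or public-key check; the screen only bounds how much work that check can be asked to do.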
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d599c0c43be0a01695f429fd40375108621c7f59

commit d599c0c43be0a01695f429fd40375108621c7f59
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-06-12 04:45:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-06-12 04:45:36 +0000

    dev-libs/openssl: add 3.2.2

    Bug: https://bugs.gentoo.org/932317
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.2.2.ebuild | 300 ++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4f81231fd772c67304f0064b9ed43c76f5934b8

commit f4f81231fd772c67304f0064b9ed43c76f5934b8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-06-12 04:35:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-06-12 04:35:21 +0000

    dev-libs/openssl: add 3.1.6

    Bug: https://bugs.gentoo.org/932317
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.1.6.ebuild | 281 ++++++++++++++++++++++++++++++++++
 2 files changed, 283 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1a16fb0a5bf7b503513b17129f3d4ef5ee8e715

commit a1a16fb0a5bf7b503513b17129f3d4ef5ee8e715
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-06-12 04:28:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-06-12 04:28:13 +0000

    dev-libs/openssl: add 3.0.14

    Bug: https://bugs.gentoo.org/932317
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-3.0.14.ebuild | 278 +++++++++++++++++++++++++++++++++
 2 files changed, 280 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6aeb3b832426e11db49150f9bdd9c4f72b6cdbb

commit b6aeb3b832426e11db49150f9bdd9c4f72b6cdbb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-06-12 04:58:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-06-12 04:58:15 +0000

    dev-libs/openssl: add 3.3.1

    Bug: https://bugs.gentoo.org/932317
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest             |   2 +
 dev-libs/openssl/openssl-3.3.1.ebuild | 300 ++++++++++++++++++++++++++++++++++
 2 files changed, 302 insertions(+)