Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. OpenSSL 3.1, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

http://www.openwall.com/lists/oss-security/2023/07/19/4
http://www.openwall.com/lists/oss-security/2023/07/19/5
http://www.openwall.com/lists/oss-security/2023/07/19/6
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
https://www.openssl.org/news/secadv/20230719.txt
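
An added example, not part of the original report or of OpenSSL's code: a pre-filter that reads only the bit length of the modulus p from untrusted PKCS#3 DH parameters, so oversized input can be rejected before it reaches DH_check() or `openssl dhparam -check`. It relies on the linked OpenSSL advisory's attribution of the delay to an excessively large modulus; the 8192-bit limit and all function names are assumptions of this example.

```python
import base64
import re

MAX_MODULUS_BITS = 8192  # assumed local policy limit, not an OpenSSL constant
PEM_RE = re.compile(rb"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds input")
    return tag, pos, pos + length

def dh_modulus_bits(blob):
    """Bit length of p in PKCS#3 DH parameters (PEM or DER); no validation of p."""
    m = PEM_RE.search(blob)
    der = base64.b64decode(m.group(1)) if m else blob
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, start, end = read_tlv(der, start)
    if tag != 0x02 or start == end or der[start] & 0x80:
        raise ValueError("expected positive INTEGER p")
    return int.from_bytes(der[start:end], "big").bit_length()

def safe_to_check(blob, limit=MAX_MODULUS_BITS):
    """True only if the blob parses and p fits the limit; anything else is rejected."""
    try:
        return dh_modulus_bits(blob) <= limit
    except ValueError:
        return False

def make_params(p, g=2):
    """Build constructed DER test input: SEQUENCE { INTEGER p, INTEGER g }."""
    def enc(tag, body):
        n, size = len(body), (len(body).bit_length() + 7) // 8
        head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
        return bytes([tag]) + head + body
    return enc(0x30, b"".join(enc(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g)))

SAMPLE_OK = make_params((1 << 2047) | 1)  # constructed, 2048-bit, not a real prime
SAMPLE_OVERSIZED = make_params((1 << 99999) | 1)  # constructed, 100000-bit
```

Only input for which `safe_to_check()` returns True should be passed on to the full parameter check; this filter bounds the work but does not replace installing the fixed OpenSSL packages.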
Created openssl tracking bugs for this issue: Affects: fedora-all [bug 2225349]
This issue has been addressed in the following products:
  Red Hat JBoss Web Server 5.7 on RHEL 7
  Red Hat JBoss Web Server 5.7 on RHEL 8
  Red Hat JBoss Web Server 5.7 on RHEL 9
Via RHSA-2023:7622 https://access.redhat.com/errata/RHSA-2023:7622

This issue has been addressed in the following products:
  Red Hat JBoss Web Server
Via RHSA-2023:7623 https://access.redhat.com/errata/RHSA-2023:7623

This issue has been addressed in the following products:
  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8
Via RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625

This issue has been addressed in the following products:
  Red Hat JBoss Core Services
Via RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:7877 https://access.redhat.com/errata/RHSA-2023:7877

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.8 Extended Update Support
Via RHSA-2024:0154 https://access.redhat.com/errata/RHSA-2024:0154

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0208 https://access.redhat.com/errata/RHSA-2024:0208

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0408 https://access.redhat.com/errata/RHSA-2024:0408

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2024:0888 https://access.redhat.com/errata/RHSA-2024:0888

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.8 Extended Update Support
Via RHSA-2024:1415 https://access.redhat.com/errata/RHSA-2024:1415