{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for openssl-1_1","title":"Title of the patch"},{"category":"description","text":"This update for openssl-1_1 fixes the following issues:\n\n- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-Leap-Micro-5.2-2022-2328","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_2328-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2022:2328-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YYPFZ7KMN6GQBF6OHSBFHNAHQ2AP2WBJ/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2022:2328-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YYPFZ7KMN6GQBF6OHSBFHNAHQ2AP2WBJ/"},{"category":"self","summary":"SUSE Bug 1201099","url":"https://bugzilla.suse.com/1201099"},{"category":"self","summary":"SUSE CVE CVE-2022-2097 page","url":"https://www.suse.com/security/cve/CVE-2022-2097/"}],"title":"Security update for openssl-1_1","tracking":{"current_release_date":"2022-07-07T13:07:55Z","generator":{"date":"2022-07-07T13:07:55Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2022:2328-1","initial_release_date":"2022-07-07T13:07:55Z","revision_history":[{"date":"2022-07-07T13:07:55Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64","product":{"name":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64","product_id":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64"}},{"category":"product_version","name":"libopenssl1_1-1.1.1d-150200.11.51.1.aarch64","product":{"name":"libopenssl1_1-1.1.1d-150200.11.51.1.aarch64","product_id":"libopenssl1_1-1.1.1d-150200.11.51.1.aarch64"}},{"category":"product_version","name":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64","product":{"name":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64","product_id":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64"}},{"category":"product_version","name":"openssl-1_1-1.1.1d-150200.11.51.1.aarch64","product":{"name":"openssl-1_1-1.1.1d-150200.11.51.1.aarch64","product_id":"openssl-1_1-1.1.1d-150200.11.51.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64","product":{"name":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64","product_id":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64"}},{"category":"product_version","name":"libopenssl1_1-1.1.1d-150200.11.51.1.x86_64","product":{"name":"libopenssl1_1-1.1.1d-150200.11.51.1.x86_64","product_id":"libopenssl1_1-1.1.1d-150200.11.51.1.x86_64"}},{"category":"product_version","name":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64","product":{"name":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64","product_id":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64"}},{"category":"product_version","name":"openssl-1_1-1.1.1d-150200.11.51.1.x86_64","product":{"name":"openssl-1_1-1.1.1d-150200.11.51.1.x86_64","product_id":"openssl-1_1-1.1.1d-150200.11.51.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap Micro 5.2","product":{"name":"openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap-micro:5.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64"},"product_reference":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64"},"product_reference":"libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libopenssl1_1-1.1.1d-150200.11.51.1.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.aarch64"},"product_reference":"libopenssl1_1-1.1.1d-150200.11.51.1.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libopenssl1_1-1.1.1d-150200.11.51.1.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.x86_64"},"product_reference":"libopenssl1_1-1.1.1d-150200.11.51.1.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64"},"product_reference":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64"},"product_reference":"libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"openssl-1_1-1.1.1d-150200.11.51.1.aarch64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.aarch64"},"product_reference":"openssl-1_1-1.1.1d-150200.11.51.1.aarch64","relates_to_product_reference":"openSUSE Leap Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"openssl-1_1-1.1.1d-150200.11.51.1.x86_64 as component of openSUSE Leap Micro 5.2","product_id":"openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.x86_64"},"product_reference":"openssl-1_1-1.1.1d-150200.11.51.1.x86_64","relates_to_product_reference":"openSUSE Leap Micro 5.2"}]},"vulnerabilities":[{"cve":"CVE-2022-2097","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-2097"}],"notes":[{"category":"general","text":"AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-2097","url":"https://www.suse.com/security/cve/CVE-2022-2097"},{"category":"external","summary":"SUSE Bug 1201099 for CVE-2022-2097","url":"https://bugzilla.suse.com/1201099"},{"category":"external","summary":"SUSE Bug 1201332 for CVE-2022-2097","url":"https://bugzilla.suse.com/1201332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl1_1-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64","openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.aarch64","openSUSE Leap Micro 5.2:openssl-1_1-1.1.1d-150200.11.51.1.x86_64"]}],"threats":[{"category":"impact","date":"2022-07-07T13:07:55Z","details":"important"}],"title":"CVE-2022-2097"}]}