ptrace(PTRACE_ATTACH) fails on processes of the same user
VUL-0: CVE-2024-2511: openssl-1_1,openssl-3:Unbounded memory growth with session handling in TLSv1.3
[SECURITY] openSSL 3.1.x EC doesn't work with tpm2
Userspace livepatch application fails: ulp: Unable to get section data.
openssl-3: variations in openssl-3-debugsource
SUSE:SLE-15-SP6:GA openssl-3 not livepatch enabled
VUL-0: CVE-2024-4603: openssl-3: excessive time spent checking DSA keys and parameters
[NetApp SLES15 SP6 Bug]: NVMe/TCP TLS connection fails due to handshake failure
VUL-0: CVE-2024-4741: openssl-1_1,openssl-3: Use After Free with SSL_free_buffers
VUL-0: CVE-2024-5535: openssl: SSL_select_next_proto buffer overread
VUL-0: EMBARGOED: CVE-2024-6119: openssl-3: possible denial of service in X.509 name checks
[FIPS][OpenSSL-3] Service Level Indicator is needed
[FIPS][OpenSSL-3] Selftests are required
[FIPS][OpenSSL-3] Error state has to be enforced
[FIPS][OpenSSL-3] Entropy Source
[FIPS][OpenSSL-3] Use of non-Approved Elliptic Curves
[FIPS][OpenSSL-3] The FIPS module shall provide an output possibility
[FIPS][OpenSSL-3] FIPS Domain Parameters
[FIPS][OpenSSL-3] Recommendation for Password-Based Key Derivation
[FIPS][OpenSSL-3] Zeroisation is required
[FIPS][OpenSSL-3] Primary DRBG for openssl needs to have prediction resistance enabled or it shall be reseeded every time before providing an output to the caller.
[FIPS][OpenSSL-3] Add oversampling of the noise source to comply with requirements of NIST SP 800-90C.
[FIPS][OpenSSL-3] Change CRNG buf size to align with output size of the Jitter RNG.
[FIPS][OpenSSL-3] NIST SP 800-56Brev2
[FIPS][OpenSSL-3] Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4
[FIPS][OpenSSL-3] NIST SP 800-56Arev3
algif_hash in kernel-obs-build causes an openssl-1_1 test failure
gbelinassi
important
security
Security update for openssl-3, libpulp, ulp-macros
This update for openssl-3, libpulp, ulp-macros fixes the following issues:
openssl-3:
- CVE-2024-6119: possible denial of service in X.509 name checks (bsc#1229465)
- CVE-2024-5535: SSL_select_next_proto buffer overread (bsc#1227138)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551)
- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-2511: Fix unconstrained session cache growth in TLSv1.3 (bsc#1222548)
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365)
- FIPS: RSA keygen PCT requirements. (bsc#1221760, bsc#1221753)
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode. (bsc#1220523)
- FIPS: Port openssl to use jitterentropy (bsc#1220523)
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786)
- FIPS: Service Level Indicator (bsc#1221365)
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module. (bsc#1221751)
- FIPS: Add required selftests (bsc#1221760)
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821)
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827)
- FIPS: Zeroization is required (bsc#1221752)
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696)
- FIPS: NIST SP 800-56Brev2 (bsc#1221824)
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787)
- FIPS: NIST SP 800-56Arev3 (bsc#1221822)
- FIPS: Error state has to be enforced (bsc#1221753)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducible build issue
- Fix HKDF key derivation (bsc#1225291)
- Enable livepatching support (bsc#1223428)
libpulp:
- Update package with libpulp-0.3.5:
* Change .so load policy from lazy to eager.
* Fix patch of references when mprotect is enabled.
* Fix transposed calloc arguments.
* Fix crash of ulp packer on empty lines.
- Disabled ptrace_scope through aaa_base-enable-ptrace package (bsc#1221763).
- Update package with libpulp-0.3.4:
* Add debuginfo into ulp extract.
- Disabled ptrace_scope when building the package (bsc#1221763).
- Update package with libpulp-0.3.3:
* Fixed a race condition when process list is empty.
* Removed "Unable to get section data" error message (bsc#1223306).
* Bumped asunsafe_conversion attempts from 100 to 2000.
* Fixed banner test on clang-18.
* Check if ptrace_scope is enabled when attempting a ptrace operation (bsc#1221763).
- Update package with libpulp-0.3.1:
* Add timestamp information on `ulp patches`.
ulp-macros:
- Initial release.
libpulp
openssl-3
ulp-macros
jitterentropy