Security update for qatengine, qatlib
| Announcement ID: | SUSE-SU-2025:3942-1 |
|---|---|
| Release Date: | 2025-11-05T08:16:03Z |
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
This update for qatengine, qatlib fixes the following issues:
Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities:
- bsc#1233363 (CVE-2024-28885)
- bsc#1233365 (CVE-2024-31074)
- bsc#1233366 (CVE-2024-33617)
Update to 1.7.0:
- ipp-crypto name change to cryptography-primitives
- QAT_SW GCM memory leak fix in cleanup function
- Update limitation section in README for v1.7.0 release
- Fix build with OPENSSL_NO_ENGINE
- Fix for build issues with qatprovider in qatlib
- Bug fixes and README updates to v1.7.0
- Remove qat_contig_mem driver support
- Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries
- Fix for DSA issue with openssl3.2
- Fix missing lower bounds check on index i
- Enabled SW Fallback support for FBSD
- Fix for segfault issue when SHIM config section is unavailable
- Fix for Coverity & Resource leak
- Fix for RSA failure with SVM enabled in openssl-3.2
- SM3 Memory Leak Issue Fix
- Fix qatprovider lib name issue with system openssl
Update to 1.6.0:
- Fix issue with make depend for QAT_SW
- QAT_HW GCM Memleak fix & bug fixes
- QAT2.0 FreeBSD14 intree driver support
- Fix OpenSSL 3.2 compatibility issues
- Optimize hex dump logging
- Clear job tlv on error
- QAT_HW RSA Encrypt and Decrypt provider support
- QAT_HW AES-CCM Provider support
- Add ECDH keymgmt support for provider
- Fix QAT_HW SM2 memory leak
- Enable qaeMemFreeNonZeroNUMA() for qatlib
- Fix polling issue for the process that doesn't have QAT_HW instance
- Fix SHA3 qctx initialization issue & potential memleak
- Fix compilation error in SM2 with qat_contig_mem
- Update year in copyright information to 2024
Update to 1.5.0:
- use new --enable-qat_insecure_algorithms to avoid regressions
- improve support for SM{2,3,4} ciphers
- improve SW fallback support
-
many bug fixes, refactorisations and documentation updates
-
update to 0.6.18:
- Fix address sanitizer issues
- Fix issues with Babassl & Openssl3.0
- Add QAT_HW SM4 CBC support
- Refactor ECX provider code into single file
- Fix QAT_HW AES-GCM bad mac record & memleak
- Fix SHA3 memory leak
- Fix sm4-cbc build error with system default OpenSSL
- Symmetric performance Optimization & memleak fixes
- Bug fix, README & v0.6.18 Version update
-
Please refer README (Software requirements section) for dependent libraries release version and other information.
-
update to v0.6.17:
- Add security policy - c1a7a96
- Add dependancy update tool file - 522c41d
- Release v0.6.17 version update - c1a7a96
- Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82
- Fix QAT_SW SM2 ECDSA Performance issue - f44a564
- CPP check and Makefile Bug fixes - 98ccbe8
- Fix buffer overflow issue with SHA3 and ECX - cab65f3
- Update version and README for v0.6.16 - 1c95fd7
- Split --with-qat_sw_install_dir into seperate configures - d5f5656
- Add seperate err files for Boringssl - 1a09627
- Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c
- Fix issue with disable flags in provider - 2e00636
- Fix coredump issue in provider with qat_sw gcm - 6703c13
- Fix err files regeneration failure - 510f3dc
- Add Provider Support for ChachaPoly and SM2 - a98e51d
- Bug Fixes in testapp and with disable flags. - 0945535
- QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa
- Fix issue with SIGUSR1 during reload. - 00ea833
- Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128
- Replace deprecated pthread_yield with sched_yield. - d514406
- BoringSSL support for RSA and ECDSA. - 41c67c7
- Fix s_server lseek forever issue with qatprovider. - cb3db21
- Fix aes-cbc failure issue in testapp. - a530427
- Fix glibc version test - 2461966
- Fix issue with generator param and ECDSA verify. - c51fc17
- Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9
- Fix testapp issues and optimization - e7c2ba8
- Optimize setup and clear async event notification - 573fe48
- Fix Nginx worker process core dump in QAT_SW with pkill/killall - 4eb4473
- Add Cofactor to take optimized path in ECDH API - 9a23c7e
- Fix double free issue with QAT_SW - 1a16708
- Add thread mapping to specific QAT_HW instance - 5ee799a
- OpenSSL 3.0 Provider Support - 38086fa
- Update README and version to v0.6.12 - dca2957
- Fixed worker process hung forever after nginx reload - bfe97aa
- Remove OpenSSL 1.1.0 Support - da8682a
- Add QAT_SW SM2 ECDH & SM3 support - 04a6af2
- QAT_SW ECDSA SM2 sign and verify Support - d44ae7e
- Disable SM3, Bug fixes, Readme & version update - d995046
qatlib was updated to:
Update to 24.09.0:
- Improved performance scaling in multi-thread applications
- Set core affinity mapping based on NUMA (libnuma now required for building)
- bug fixes, see https://github.com/intel/qatlib#resolved-issues
Version update to 24.02.0
- Support DC NS (NoSession) APIs
- Support Symmetric Crypto SM3 & SM4
- Support Asymmetric Crypto SM2
- Support DC CompressBound APIs
- Bug Fixes. See Resolved section in README.md
Update to 23.11.0:
- use new --enable-legacy-algorithms to avoid regressions
- add support for data compression chaining (hash then compress)
- add support for additional configuration profiles
- add support DC NS (NoSession) APIs
- add support DC CompressBound APIs
- add Support for Chinese SM{2,3,4} ciphers
- bump shared library major to 4
- refactoring, bug fixes and documentation updates
Update to 22.07.2:
- Changed from yasm to nasm for assembly compilation
- Added configuration option to use C implementation of soft CRC implementation instead of asm
- Added support for pkg-config
- Added missing lock around accesses to some global data in qatmgr
- Fix for QATE-86605 – improve error checking on size param used by qatmgr debug function.
- Fix for issue #10
- Fixed link to Programmer's Guide
- Added support for Compression LZ4 and LZ4s algorithms
- Added support for Compression end-to-end integrity checks
- Added support for PKE Generic Point Multiply APIs
- Added support for CPM2.0b
- Updated library to support new version of QAT APIs
- Updated qat service to allow compression only and crypto only configurations
- Created qatlib-tests rpm package
- Added option to configure script to skip building sample code
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3942=1 -
SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3942=1 -
SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3942=1 -
SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3942=1 -
openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3942=1 -
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3942=1 -
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3942=1 -
SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3942=1
Package List:
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
SUSE Manager Proxy 4.3 LTS (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
SUSE Manager Server 4.3 LTS (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
openSUSE Leap 15.4 (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
- libqat4-24.09.0-150400.3.6.1
- qatzip-debugsource-1.1.0-150400.3.3.1
- libqatzip3-1.1.0-150400.3.3.1
- qatlib-debugsource-24.09.0-150400.3.6.1
- libqat4-debuginfo-24.09.0-150400.3.6.1
- qatzip-1.1.0-150400.3.3.1
- qatengine-debugsource-1.7.0-150400.3.6.1
- qatlib-24.09.0-150400.3.6.1
- libqatzip3-debuginfo-1.1.0-150400.3.3.1
- libusdm0-debuginfo-24.09.0-150400.3.6.1
- qatlib-debuginfo-24.09.0-150400.3.6.1
- qatzip-devel-1.1.0-150400.3.3.1
- qatengine-debuginfo-1.7.0-150400.3.6.1
- qatengine-1.7.0-150400.3.6.1
- qatlib-devel-24.09.0-150400.3.6.1
- libusdm0-24.09.0-150400.3.6.1
- qatzip-debuginfo-1.1.0-150400.3.3.1
References:
- https://www.suse.com/security/cve/CVE-2024-28885.html
- https://www.suse.com/security/cve/CVE-2024-31074.html
- https://www.suse.com/security/cve/CVE-2024-33617.html
- https://bugzilla.suse.com/show_bug.cgi?id=1233363
- https://bugzilla.suse.com/show_bug.cgi?id=1233365
- https://bugzilla.suse.com/show_bug.cgi?id=1233366