ALSA-2023:1405

[ALSA-2023:1405] Important: openssl security update

Type:

security

Severity:

important

Release date:

2023-03-23

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	openssl-libs-1.1.1k-9.el8_7.aarch64.rpm	338606028addc62b5e0ab3f4c7688d1b90a480226fa457ceae1214e9841c2503
aarch64	openssl-1.1.1k-9.el8_7.aarch64.rpm	616029f6e3521224d58d86b657cb80a556bf8e186f87ae0d83d864cd8b019af0
aarch64	openssl-devel-1.1.1k-9.el8_7.aarch64.rpm	aa436753d425b62397e2bc54ea78fb9e9c831cfc2c55f66be55b016ef70181d5
aarch64	openssl-perl-1.1.1k-9.el8_7.aarch64.rpm	c3f91474bd6c3bbf5fabe42c5e3a1248f224505d10a8beb996a8487534128f89
i686	openssl-devel-1.1.1k-9.el8_7.i686.rpm	11f5f5eabcea7df1b721c5419873f5958b2518243187a2f24cd89409d56cdddc
i686	openssl-libs-1.1.1k-9.el8_7.i686.rpm	7cd666dea79c93990374dd2c3024226f4370dca78b22f151d6b14a3103a93576
ppc64le	openssl-libs-1.1.1k-9.el8_7.ppc64le.rpm	0122488b6e0214452b20c0103b0ab4720711e2b689126d581ba5fb5cc10b94b5
ppc64le	openssl-devel-1.1.1k-9.el8_7.ppc64le.rpm	536cb3c551617c0fe49f80a40610dd3126a45ab7c5864e6240a01b5bc69f231d
ppc64le	openssl-1.1.1k-9.el8_7.ppc64le.rpm	59a0fab510e41e496f3da25fbfaae5c1ea74e3fc4d8eb6c4f062d0b25030045c
ppc64le	openssl-perl-1.1.1k-9.el8_7.ppc64le.rpm	b3823c25a3b0d005f4ba8b9aa80bfc63a0519ff72d0ce42e412690aa847c1703
s390x	openssl-libs-1.1.1k-9.el8_7.s390x.rpm	8a32c61d16aba71bf0ccc8bc3f9ba3c1d95d2f9dab297bac6dcf285f77087baf
s390x	openssl-perl-1.1.1k-9.el8_7.s390x.rpm	9b005c3360384410640ec57286ebcd86576ead079a0baf08dd67ab62f1abacee
s390x	openssl-devel-1.1.1k-9.el8_7.s390x.rpm	9b7fe2e14f9c187c6b7f1856e51bb56d2aeded186647cfdb627bda6ea2aab09d
s390x	openssl-1.1.1k-9.el8_7.s390x.rpm	d9bff808ac4916f0826ff2915c4ab07d2f89fb8aa0bc7748f324a6029e43b3e1
x86_64	openssl-perl-1.1.1k-9.el8_7.x86_64.rpm	1bb5ece62a74e5d0def17cbec88acf57b24b25ffe5bf34bb9f8a2f5501b50ae7
x86_64	openssl-devel-1.1.1k-9.el8_7.x86_64.rpm	2c9f3b889555caa77eb6da3bf63e515946657743b64721fa494545dba5a54fd9
x86_64	openssl-1.1.1k-9.el8_7.x86_64.rpm	8c8d8bc0b019b16aea186256831c6ec6baac66e840140be8812312906bb767c1
x86_64	openssl-libs-1.1.1k-9.el8_7.x86_64.rpm	94e1c7d518e545980b03c86504169512775df393a6f1f79cc355243f70a85e13

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.