[ALSA-2022:6224] Moderate: openssl security and bug fix update
Type:
security
Severity:
moderate
Release date:
2023-09-15
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)
* openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)
* openssl: the c_rehash script allows command injection (CVE-2022-2068; the fix shipped for CVE-2022-1292 was incomplete, so both IDs refer to the same script)
* openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)
* openssl req defaults to 3DES (BZ#2085499)
* OpenSSL accepts custom elliptic curve parameters when p is large [almalinux-9] (BZ#2085508)
* OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)
* openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)
* Converting FIPS power-on self test to KAT (BZ#2086866)
* Small RSA keys work for some operations in FIPS mode (BZ#2091938)
* FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)
* OpenSSL testsuite certificates expired (BZ#2095696)
* [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)
* [FIPS lab review] self-test (BZ#2112978)
* [FIPS lab review] DH tuning (BZ#2115856)
* [FIPS lab review] EC tuning (BZ#2115857)
* [FIPS lab review] RSA tuning (BZ#2115858)
* [FIPS lab review] RAND tuning (BZ#2115859)
* [FIPS lab review] zeroization (BZ#2115861)
* [FIPS lab review] HKDF limitations (BZ#2118388)
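The two c_rehash entries above (CVE-2022-1292 and CVE-2022-2068) are one bug class: a certificate file name read from a directory is spliced into a shell command line, so a planted file name runs commands with the privileges of whoever rehashes the directory. The following is an added Python example, not OpenSSL's c_rehash (a Perl script) and not AlmaLinux's code; `echo` stands in for the `openssl x509 -hash` invocation so it runs without OpenSSL, and the file names, the `SAFE_NAME` allow-list and all function names are constructed for the demonstration.

```python
"""Illustration of the c_rehash bug class (CVE-2022-1292 / CVE-2022-2068):
a file name taken from a scanned directory is spliced into a shell command.
Added example, not OpenSSL's own c_rehash; `echo` stands in for
`openssl x509 -hash -noout -in` so the demo runs without OpenSSL installed."""
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed input: one honest name and one hostile name an attacker could plant
# in a directory that a privileged rehash job later scans.
HONEST_NAME = "ca.pem"
HOSTILE_NAME = "ca.pem; echo INJECTED"

SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")  # hypothetical allow-list for basenames


def hash_cmd_vulnerable(path) -> str:
    """BUG: the name is interpolated into a string that /bin/sh parses, so every
    shell metacharacter in it is honoured. Returns the command's stdout."""
    cmd = f"echo hashing {Path(path)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True).stdout


def hash_cmd_no_shell(path) -> str:
    """Fix 1: pass an argv list and never involve a shell, so the name reaches the
    child as a single argument whatever characters it contains."""
    argv = ["echo", "hashing", str(Path(path))]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def hash_cmd_hardened(path) -> str:
    """Fix 2 (defence in depth): also refuse names outside a tight allow-list,
    which protects any later caller that still builds a command line."""
    path = Path(path)
    if not SAFE_NAME.match(path.name):
        raise ValueError(f"refusing suspicious file name {path.name!r}")
    return hash_cmd_no_shell(path)


def rehash_directory(certdir: Path, runner) -> dict:
    """Apply `runner` to every entry in certdir; map name -> stdout or rejection."""
    results = {}
    for entry in sorted(certdir.iterdir()):
        try:
            results[entry.name] = runner(entry)
        except ValueError as exc:
            results[entry.name] = f"rejected: {exc}"
    return results


def demo() -> dict:
    """Scan a temporary directory holding both names with the vulnerable and the
    hardened runner; returns {"vulnerable": {...}, "hardened": {...}}."""
    with tempfile.TemporaryDirectory() as tmp:
        certdir = Path(tmp)
        for name in (HONEST_NAME, HOSTILE_NAME):
            (certdir / name).write_text("-----BEGIN CERTIFICATE-----\n")  # placeholder body
        return {
            "vulnerable": rehash_directory(certdir, hash_cmd_vulnerable),
            "hardened": rehash_directory(certdir, hash_cmd_hardened),
        }


if __name__ == "__main__":
    for mode, out in demo().items():
        for name, text in out.items():
            print(f"[{mode}] {name!r}: {text.rstrip()}")
```

In the vulnerable scan the hostile entry produces a second output line, `INJECTED`, because the shell executed the text after the semicolon as a separate command; with an argv list the whole name is one argument and the allow-list rejects it before anything runs. The same reasoning applies to any script that builds `openssl` command lines from directory listings, whether in Perl, shell or Python.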
Updated packages listed below:
Architecture Package Checksum (SHA-256)
aarch64 openssl-devel-3.0.1-41.el9_0.aarch64.rpm 32d7afc4f384cccdb7955d1102c8bbfb5a45b99675983f56f3bd570fd6940c50
aarch64 openssl-libs-3.0.1-41.el9_0.aarch64.rpm 378411c95ad976061f8b1588283679608eef49cf107b5253781a26f52b4ca27a
aarch64 openssl-perl-3.0.1-41.el9_0.aarch64.rpm 5fc16fd3d9db8b1a41031868b405b2535d8d5fcde61658ca9eac0548855cebb9
aarch64 openssl-3.0.1-41.el9_0.aarch64.rpm be1c05ff1af91c47d6d7269987ed7820d473a25325b4bec71af18d09f7cfb02b
i686 openssl-devel-3.0.1-41.el9_0.i686.rpm 01db3f0440b120c0b42ff33f625678694a0c6b9db0bac0bb8dc253407d43ce92
i686 openssl-libs-3.0.1-41.el9_0.i686.rpm a914bd989b8730edba072e45655036878cefb901a151d1dd3d283281eb6a8b84
ppc64le openssl-devel-3.0.1-41.el9_0.ppc64le.rpm 30737533344c5641c5fcf893ed090bfb587ee819ecd8a4cbbe6353fbc120f59a
ppc64le openssl-libs-3.0.1-41.el9_0.ppc64le.rpm 3ba599b2a34a05d304b57c6ff375792597bb9e33d0d9288abeb2d3a4bd665ef3
ppc64le openssl-perl-3.0.1-41.el9_0.ppc64le.rpm 4571d798729ec00cffb6524c0689e0bcb62499d92c912eefd05d3f0f0df46f1d
ppc64le openssl-3.0.1-41.el9_0.ppc64le.rpm 7c1118b73d5384b741cede8de2d30b2dfc2474f0d120a5fc4f045bb834032a40
s390x openssl-perl-3.0.1-41.el9_0.s390x.rpm 19e09234a2d390dd7396772f4fd685832e0e698483e2b571743dcb6e79606ce7
s390x openssl-libs-3.0.1-41.el9_0.s390x.rpm 2f4db1d05c5967b1613af2556ba65e837803a8269de5c9da87238cc480a04f07
s390x openssl-3.0.1-41.el9_0.s390x.rpm 4c614245f6803d73e3c186c960ced85f97141fdb9c88ba86e45fd50b44818288
s390x openssl-devel-3.0.1-41.el9_0.s390x.rpm 803117f0b8d91424b2b980d07f14469674728f72d4e1313301e620350a578dd1
x86_64 openssl-libs-3.0.1-41.el9_0.x86_64.rpm 1a830ad3a6dfcd671de775264a521c516bd5913837fd1a9318bddcffdeaf3ea5
x86_64 openssl-perl-3.0.1-41.el9_0.x86_64.rpm 9d835a284fd7f3d7793aae5d2d30d1720587a56280c7bc567274d8dfeae3d3a5
x86_64 openssl-devel-3.0.1-41.el9_0.x86_64.rpm ae7a5ee958bbe423a43289b7f4c09c9ad551ba87e4e7439d231bd1ff243536bd
x86_64 openssl-3.0.1-41.el9_0.x86_64.rpm e5be7dc899ff25a0e7cfaf753e434ce1fe7c0d2882667027ed0df2ec79f66273
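To confirm a host actually carries the fixed build (3.0.1-41.el9_0) rather than an older 3.0.1 release, the installed version-release has to be compared with rpm's segment rules, not as plain strings ("3.0.1-9" would otherwise sort after "3.0.1-41"). The following is an added Python example, not AlmaLinux tooling: it re-implements librpm's rpmvercmp so the check runs on hosts without python3-rpm, and the `rpm -qa` listing embedded in it is constructed sample data with invented older versions.

```python
"""Check an `rpm -qa` listing against the fixed build in this advisory.
Added example, not AlmaLinux tooling: rpm's version comparison (rpmvercmp) is
re-implemented here so the check runs on hosts without python3-rpm. The
`rpm -qa` output below is constructed sample data."""
import re

# Fixed version-release shared by every package in the table above.
FIXED_VR = "3.0.1-41.el9_0"
ADVISORY_PACKAGES = {"openssl", "openssl-libs", "openssl-devel", "openssl-perl"}

# Constructed sample; versions other than the fixed one are invented for the demo.
SAMPLE_RPM_QA = """\
openssl-libs-3.0.1-40.el9_0.x86_64
openssl-3.0.1-41.el9_0.x86_64
openssl-devel-3.0.1-41.el9_0.x86_64
openssl-perl-3.0.1-18.el9_0.x86_64
openssl-pkcs11-0.4.11-7.el9.x86_64
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")  # rpmvercmp units; anything else is a separator


def rpmvercmp(a: str, b: str) -> int:
    """-1, 0 or 1 following librpm's rpmvercmp ('^' handling omitted): compare
    segment by segment, numeric beats alphabetic, '~' sorts before the empty
    string (1.0~rc1 < 1.0), and leftover segments make a string newer."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        ta = sa[i] if i < len(sa) else None
        tb = sb[i] if i < len(sb) else None
        if ta == "~" or tb == "~":
            if ta != "~":
                return 1
            if tb != "~":
                return -1
            i += 1
            continue
        if ta is None or tb is None:
            break
        if ta.isdigit() != tb.isdigit():
            return 1 if ta.isdigit() else -1
        if ta.isdigit():
            ta, tb = ta.lstrip("0"), tb.lstrip("0")
            if len(ta) != len(tb):
                return 1 if len(ta) > len(tb) else -1
        if ta != tb:
            return 1 if ta > tb else -1
        i += 1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_nevra(nevra: str):
    """Split 'name-version-release.arch' into (name, version, release, arch).
    An epoch prefix ('1:3.0.1') is dropped: rpm -qa omits it by default and every
    package in this advisory shares one epoch, so version-release decides."""
    name_ver, arch = nevra.rsplit(".", 1)
    name_ver, release = name_ver.rsplit("-", 1)
    name, version = name_ver.rsplit("-", 1)
    version = version.split(":", 1)[-1]
    return name, version, release, arch


def vrcmp(vr_a: str, vr_b: str) -> int:
    """Compare two 'version-release' strings: version first, then release."""
    for x, y in zip(vr_a.split("-", 1), vr_b.split("-", 1)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def not_fixed(rpm_qa_lines, fixed_vr=FIXED_VR, packages=ADVISORY_PACKAGES):
    """Return the advisory packages in the listing that are older than the fix."""
    hits = []
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, version, release, _arch = parse_nevra(line)
        if name in packages and vrcmp(f"{version}-{release}", fixed_vr) < 0:
            hits.append(line)
    return hits


if __name__ == "__main__":
    import subprocess
    try:  # live host: ask rpm; otherwise fall back to the constructed sample
        lines = subprocess.run(["rpm", "-qa", "openssl*"], capture_output=True,
                               text=True, check=True).stdout.splitlines()
    except (OSError, subprocess.CalledProcessError):
        lines = SAMPLE_RPM_QA.splitlines()
    for nevra in not_fixed(lines):
        print("NOT FIXED:", nevra)
```

Run as a script on an AlmaLinux 9 host it queries `rpm -qa 'openssl*'` directly; on the constructed sample it reports openssl-libs and openssl-perl as not fixed and ignores openssl-pkcs11, which this advisory does not ship. Because distribution builds backport fixes without bumping the upstream version, the release field (41.el9_0) is what carries the fix; comparing only "3.0.1" would wrongly report the host as current.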
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.