[ALSA-2022:6224] openssl security and bug fix update

Severity Moderate

Affected Packages 10

CVEs 5

openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)
* openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)
* openssl req defaults to 3DES (BZ#2085499)
* OpenSSL accepts custom elliptic curve parameters when p is large almalinux-9
* OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)
* openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)
* Converting FIPS power-on self test to KAT (BZ#2086866)
* Small RSA keys work for some operations in FIPS mode (BZ#2091938)
* FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)
* OpenSSL testsuite certificates expired (BZ#2095696)
* [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)
* [FIPS lab review] self-test (BZ#2112978)
* [FIPS lab review] DH tuning (BZ#2115856)
* [FIPS lab review] EC tuning (BZ#2115857)
* [FIPS lab review] RSA tuning (BZ#2115858)
* [FIPS lab review] RAND tuning (BZ#2115859)
* [FIPS lab review] zeroization (BZ#2115861)
* [FIPS lab review] HKDF limitations (BZ#2118388)

Package	Affected Version
pkg:rpm/almalinux/openssl?arch=x86_64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl?arch=aarch64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-perl?arch=x86_64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-perl?arch=aarch64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-libs?arch=x86_64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-libs?arch=i686&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-libs?arch=aarch64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-devel?arch=x86_64&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-devel?arch=i686&distro=almalinux-9.0	< 3.0.1-41.el9_0
pkg:rpm/almalinux/openssl-devel?arch=aarch64&distro=almalinux-9.0	< 3.0.1-41.el9_0

ID

ALSA-2022:6224

Severity

moderate

URL

https://errata.almalinux.org/ALSA-2022:6224.html

Published

2022-08-30T00:00:00
(2 years ago)

Modified

2023-09-15T13:41:48
(12 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2022:6224	https://access.redhat.com/errata/RHSA-2022:6224
CVE	CVE-2022-1292	https://access.redhat.com/security/cve/CVE-2022-1292
CVE	CVE-2022-1343	https://access.redhat.com/security/cve/CVE-2022-1343
CVE	CVE-2022-1473	https://access.redhat.com/security/cve/CVE-2022-1473
CVE	CVE-2022-2068	https://access.redhat.com/security/cve/CVE-2022-2068
CVE	CVE-2022-2097	https://access.redhat.com/security/cve/CVE-2022-2097
Bugzilla	2081494	https://bugzilla.redhat.com/2081494
Bugzilla	2087911	https://bugzilla.redhat.com/2087911
Bugzilla	2087913	https://bugzilla.redhat.com/2087913
Bugzilla	2097310	https://bugzilla.redhat.com/2097310
Bugzilla	2104905	https://bugzilla.redhat.com/2104905
Self	ALSA-2022:6224	https://errata.almalinux.org/9/ALSA-2022-6224.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/almalinux/openssl?arch=x86_64&distro=almalinux-9.0	almalinux	openssl	< 3.0.1-41.el9_0	almalinux-9.0	x86_64
Affected	pkg:rpm/almalinux/openssl?arch=aarch64&distro=almalinux-9.0	almalinux	openssl	< 3.0.1-41.el9_0	almalinux-9.0	aarch64
Affected	pkg:rpm/almalinux/openssl-perl?arch=x86_64&distro=almalinux-9.0	almalinux	openssl-perl	< 3.0.1-41.el9_0	almalinux-9.0	x86_64
Affected	pkg:rpm/almalinux/openssl-perl?arch=aarch64&distro=almalinux-9.0	almalinux	openssl-perl	< 3.0.1-41.el9_0	almalinux-9.0	aarch64
Affected	pkg:rpm/almalinux/openssl-libs?arch=x86_64&distro=almalinux-9.0	almalinux	openssl-libs	< 3.0.1-41.el9_0	almalinux-9.0	x86_64
Affected	pkg:rpm/almalinux/openssl-libs?arch=i686&distro=almalinux-9.0	almalinux	openssl-libs	< 3.0.1-41.el9_0	almalinux-9.0	i686
Affected	pkg:rpm/almalinux/openssl-libs?arch=aarch64&distro=almalinux-9.0	almalinux	openssl-libs	< 3.0.1-41.el9_0	almalinux-9.0	aarch64
Affected	pkg:rpm/almalinux/openssl-devel?arch=x86_64&distro=almalinux-9.0	almalinux	openssl-devel	< 3.0.1-41.el9_0	almalinux-9.0	x86_64
Affected	pkg:rpm/almalinux/openssl-devel?arch=i686&distro=almalinux-9.0	almalinux	openssl-devel	< 3.0.1-41.el9_0	almalinux-9.0	i686
Affected	pkg:rpm/almalinux/openssl-devel?arch=aarch64&distro=almalinux-9.0	almalinux	openssl-devel	< 3.0.1-41.el9_0	almalinux-9.0	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date