[ALSA-2022:6224] openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)
* openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)
* openssl req defaults to 3DES (BZ#2085499)
* OpenSSL accepts custom elliptic curve parameters when p is large almalinux-9
* OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)
* openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)
* Converting FIPS power-on self test to KAT (BZ#2086866)
* Small RSA keys work for some operations in FIPS mode (BZ#2091938)
* FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)
* OpenSSL testsuite certificates expired (BZ#2095696)
* [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)
* [FIPS lab review] self-test (BZ#2112978)
* [FIPS lab review] DH tuning (BZ#2115856)
* [FIPS lab review] EC tuning (BZ#2115857)
* [FIPS lab review] RSA tuning (BZ#2115858)
* [FIPS lab review] RAND tuning (BZ#2115859)
* [FIPS lab review] zeroization (BZ#2115861)
* [FIPS lab review] HKDF limitations (BZ#2118388)
Package | Affected Version |
---|---|
pkg:rpm/almalinux/openssl?arch=x86_64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl?arch=aarch64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-perl?arch=x86_64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-perl?arch=aarch64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-libs?arch=x86_64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-libs?arch=i686&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-libs?arch=aarch64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-devel?arch=x86_64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-devel?arch=i686&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
pkg:rpm/almalinux/openssl-devel?arch=aarch64&distro=almalinux-9.0 | < 3.0.1-41.el9_0 |
- ID: ALSA-2022:6224
- Severity: moderate
- URL: https://errata.almalinux.org/ALSA-2022:6224.html
- Published: 2022-08-30T00:00:00
- Modified: 2023-09-15T13:41:48
- Rights: Copyright 2022 AlmaLinux OS

Other Advisories:
- ALAS-2022-1605
- ALAS-2022-1626
- ALAS2-2022-1801
- ALAS2-2022-1815
- ALAS2-2022-1831
- ALAS2-2022-1832
- ALAS2-2023-1974
- ALAS2-2024-2502
- ALPINE:CVE-2022-1343
- ALPINE:CVE-2022-1473
- ALPINE:CVE-2022-2097
- ALSA-2022:5818
- DSA-5139-1
- DSA-5169-1
- DSA-5343-1
- ELSA-2022-5818
- ELSA-2022-6224
- ELSA-2022-9683
- ELSA-2022-9751
- FEDORA-2022-3b7d0abd0b
- FEDORA-2022-3fdc2d3047
- FEDORA-2022-41890e9e44
- FEDORA-2022-89a17be281
- FEDORA-2022-b651cb69e6
- FEDORA-2022-c9c02865f6
- FREEBSD:4B9C1C17-587C-11ED-856E-D4C9EF517024
- FREEBSD:4EEB93BF-F204-11EC-8FBD-D4C9EF517024
- FREEBSD:8E150606-08C9-11ED-856E-D4C9EF517024
- FREEBSD:A28E8B7E-FC70-11EC-856E-D4C9EF517024
- FREEBSD:B9210706-FEB0-11EC-81FA-1C697A616631
- FREEBSD:FCEB2B08-CB76-11EC-A06F-D4C9EF517024
- GLSA-202210-02
- MS:CVE-2022-1292
- MS:CVE-2022-2068
- MS:CVE-2022-2097
- openSUSE-SU-2022:2328-1
- RHSA-2022:5818
- RHSA-2022:6224
- RLSA-2022:5818
- RUSTSEC-2022-0025
- RUSTSEC-2022-0027
- RUSTSEC-2022-0032
- SECADV-20220503-1
- SECADV-20220503-2
- SECADV-20220503-4
- SECADV-20220621-1
- SECADV-20220705-1
- SSA:2022-124-02
- SSA:2022-174-01
- SSA:2022-179-03
- SSA:2022-186-01
- SUSE-SU-2022:2068-1
- SUSE-SU-2022:2075-1
- SUSE-SU-2022:2098-1
- SUSE-SU-2022:2106-1
- SUSE-SU-2022:2179-1
- SUSE-SU-2022:2180-1
- SUSE-SU-2022:2181-1
- SUSE-SU-2022:2182-1
- SUSE-SU-2022:2197-1
- SUSE-SU-2022:2251-1
- SUSE-SU-2022:2251-2
- SUSE-SU-2022:2306-1
- SUSE-SU-2022:2308-1
- SUSE-SU-2022:2309-1
- SUSE-SU-2022:2311-1
- SUSE-SU-2022:2312-1
- SUSE-SU-2022:2321-1
- SUSE-SU-2022:2328-1
- SUSE-SU-2022:2417-1
- USN-5402-1
- USN-5402-2
- USN-5488-1
- USN-5488-2
- USN-5502-1
- USN-6457-1
- USN-7018-1
Source | ID | URL |
---|---|---|
RHSA | RHSA-2022:6224 | https://access.redhat.com/errata/RHSA-2022:6224 |
CVE | CVE-2022-1292 | https://access.redhat.com/security/cve/CVE-2022-1292 |
CVE | CVE-2022-1343 | https://access.redhat.com/security/cve/CVE-2022-1343 |
CVE | CVE-2022-1473 | https://access.redhat.com/security/cve/CVE-2022-1473 |
CVE | CVE-2022-2068 | https://access.redhat.com/security/cve/CVE-2022-2068 |
CVE | CVE-2022-2097 | https://access.redhat.com/security/cve/CVE-2022-2097 |
Bugzilla | 2081494 | https://bugzilla.redhat.com/2081494 |
Bugzilla | 2087911 | https://bugzilla.redhat.com/2087911 |
Bugzilla | 2087913 | https://bugzilla.redhat.com/2087913 |
Bugzilla | 2097310 | https://bugzilla.redhat.com/2097310 |
Bugzilla | 2104905 | https://bugzilla.redhat.com/2104905 |
Self | ALSA-2022:6224 | https://errata.almalinux.org/9/ALSA-2022-6224.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/openssl?arch=x86_64&distro=almalinux-9.0 | almalinux | openssl | < 3.0.1-41.el9_0 | almalinux-9.0 | x86_64 | |
Affected | pkg:rpm/almalinux/openssl?arch=aarch64&distro=almalinux-9.0 | almalinux | openssl | < 3.0.1-41.el9_0 | almalinux-9.0 | aarch64 | |
Affected | pkg:rpm/almalinux/openssl-perl?arch=x86_64&distro=almalinux-9.0 | almalinux | openssl-perl | < 3.0.1-41.el9_0 | almalinux-9.0 | x86_64 | |
Affected | pkg:rpm/almalinux/openssl-perl?arch=aarch64&distro=almalinux-9.0 | almalinux | openssl-perl | < 3.0.1-41.el9_0 | almalinux-9.0 | aarch64 | |
Affected | pkg:rpm/almalinux/openssl-libs?arch=x86_64&distro=almalinux-9.0 | almalinux | openssl-libs | < 3.0.1-41.el9_0 | almalinux-9.0 | x86_64 | |
Affected | pkg:rpm/almalinux/openssl-libs?arch=i686&distro=almalinux-9.0 | almalinux | openssl-libs | < 3.0.1-41.el9_0 | almalinux-9.0 | i686 | |
Affected | pkg:rpm/almalinux/openssl-libs?arch=aarch64&distro=almalinux-9.0 | almalinux | openssl-libs | < 3.0.1-41.el9_0 | almalinux-9.0 | aarch64 | |
Affected | pkg:rpm/almalinux/openssl-devel?arch=x86_64&distro=almalinux-9.0 | almalinux | openssl-devel | < 3.0.1-41.el9_0 | almalinux-9.0 | x86_64 | |
Affected | pkg:rpm/almalinux/openssl-devel?arch=i686&distro=almalinux-9.0 | almalinux | openssl-devel | < 3.0.1-41.el9_0 | almalinux-9.0 | i686 | |
Affected | pkg:rpm/almalinux/openssl-devel?arch=aarch64&distro=almalinux-9.0 | almalinux | openssl-devel | < 3.0.1-41.el9_0 | almalinux-9.0 | aarch64 |