[ELSA-2023-3722] openssl security and bug fix update
[3.0.7-16.0.1]
- Replace upstream references [Orabug: 34340177]
[1:3.0.7-16]
- Fix possible DoS translating ASN.1 object identifiers
Resolves: CVE-2023-2650
- Release the DRBG in global default libctx early
Resolves: rhbz#2211396
[1:3.0.7-15.1]
- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode
Resolves: rhbz#2178030
[1:3.0.7-15]
- Enforce using EMS in FIPS mode - alerts tuning
Related: rhbz#2157951
[1:3.0.7-14]
- Input buffer over-read in AES-XTS implementation on 64 bit ARM
Resolves: rhbz#2188554
[1:3.0.7-13]
- Enforce using EMS in FIPS mode
Resolves: rhbz#2157951
- Fix excessive resource usage in verifying X509 policy constraints
Resolves: rhbz#2186661
- Fix invalid certificate policies in leaf certificates check
Resolves: rhbz#2187429
- Certificate policy check not enabled
Resolves: rhbz#2187431
- OpenSSL rsa_verify_recover key length checks in FIPS mode
Resolves: rhbz#2186819
[1:3.0.7-12]
- Change explicit FIPS indicator for RSA decryption to unapproved
Resolves: rhbz#2179379
[1:3.0.7-11]
- Add missing reference to patchfile to add explicit FIPS indicator to RSA
encryption and RSASVE and fix the gettable parameter list for the RSA
asymmetric cipher implementation.
Resolves: rhbz#2179379
[1:3.0.7-10]
- Add explicit FIPS indicator to RSA encryption and RSASVE
Resolves: rhbz#2179379
[1:3.0.7-9]
- Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes
Resolves: rhbz#2175864
[1:3.0.7-8]
- Fix Wpointer-sign compiler warning
Resolves: rhbz#2178034
[1:3.0.7-7]
- Add explicit FIPS indicators to key derivation functions
Resolves: rhbz#2175860 rhbz#2175864
- Zeroize FIPS module integrity check MAC after check
Resolves: rhbz#2175873
- Add explicit FIPS indicator for IV generation in AES-GCM
Resolves: rhbz#2175868
- Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant
salt in PBKDF2 FIPS self-test
Resolves: rhbz#2178137
- Limit RSA_NO_PADDING for encryption and signature in FIPS mode
Resolves: rhbz#2178029
- Pairwise consistency tests should use Digest+Sign/Verify
Resolves: rhbz#2178034
- Forbid DHX keys import in FIPS mode
Resolves: rhbz#2178030
- DH PCT should abort on failure
Resolves: rhbz#2178039
- Increase RNG seeding buffer size to 32
Related: rhbz#2168224
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/openssl?distro=oraclelinux-9.2 | < 3.0.7-16.0.1.el9_2 |
pkg:rpm/oraclelinux/openssl-perl?distro=oraclelinux-9.2 | < 3.0.7-16.0.1.el9_2 |
pkg:rpm/oraclelinux/openssl-libs?distro=oraclelinux-9.2 | < 3.0.7-16.0.1.el9_2 |
pkg:rpm/oraclelinux/openssl-devel?distro=oraclelinux-9.2 | < 3.0.7-16.0.1.el9_2 |
- ID
- ELSA-2023-3722
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2023-3722.html
- Published
-
2023-06-22T00:00:00
(15 months ago) - Modified
-
2023-06-22T00:00:00
(15 months ago) - Rights
- Copyright 2023 Oracle, Inc.
- Other Advisories
-
- ALAS-2023-1762
- ALAS2-2023-2039
- ALAS2-2023-2073
- ALAS2-2023-2097
- ALAS2-2024-2502
- ALPINE:CVE-2023-0464
- ALPINE:CVE-2023-0465
- ALPINE:CVE-2023-0466
- ALPINE:CVE-2023-1255
- ALPINE:CVE-2023-2650
- ALSA-2023:3722
- ALSA-2023:6330
- DSA-5417-1
- ELSA-2023-12768
- ELSA-2023-6330
- FEDORA-2023-026c8ba371
- FEDORA-2023-964eb00fc6
- FREEBSD:1BA034FB-CA38-11ED-B242-D4C9EF517024
- FREEBSD:22DF5074-71CD-11EE-85EB-84A93843EB75
- FREEBSD:425B9538-CE5F-11ED-ADE3-D4C9EF517024
- FREEBSD:D86BECFE-05A4-11EE-9D4A-080027EDA32C
- FREEBSD:EB9A3C57-FF9E-11ED-A0D1-84A93843EB75
- GLSA-202402-08
- MS:CVE-2023-0465
- MS:CVE-2023-0466
- MS:CVE-2023-2650
- RHSA-2023:3722
- RHSA-2023:6330
- SSA:2023-150-01
- SUSE-SU-2023:1703-1
- SUSE-SU-2023:1704-1
- SUSE-SU-2023:1737-1
- SUSE-SU-2023:1738-1
- SUSE-SU-2023:1745-1
- SUSE-SU-2023:1746-1
- SUSE-SU-2023:1747-1
- SUSE-SU-2023:1748-1
- SUSE-SU-2023:1754-1
- SUSE-SU-2023:1764-1
- SUSE-SU-2023:1790-1
- SUSE-SU-2023:1794-1
- SUSE-SU-2023:1898-1
- SUSE-SU-2023:1907-1
- SUSE-SU-2023:1908-1
- SUSE-SU-2023:1911-1
- SUSE-SU-2023:1912-1
- SUSE-SU-2023:1914-1
- SUSE-SU-2023:1922-1
- SUSE-SU-2023:1926-1
- SUSE-SU-2023:1960-1
- SUSE-SU-2023:2327-1
- SUSE-SU-2023:2328-1
- SUSE-SU-2023:2329-1
- SUSE-SU-2023:2330-1
- SUSE-SU-2023:2331-1
- SUSE-SU-2023:2332-1
- SUSE-SU-2023:2342-1
- SUSE-SU-2023:2343-1
- SUSE-SU-2023:2469-1
- SUSE-SU-2023:2470-1
- SUSE-SU-2023:2471-1
- SUSE-SU-2023:2620-1
- USN-6039-1
- USN-6119-1
- USN-6188-1
- USN-6672-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2023-3722 | https://linux.oracle.com/errata/ELSA-2023-3722.html | |
CVE | CVE-2023-2650 | https://linux.oracle.com/cve/CVE-2023-2650.html | |
CVE | CVE-2023-0465 | https://linux.oracle.com/cve/CVE-2023-0465.html | |
CVE | CVE-2023-0464 | https://linux.oracle.com/cve/CVE-2023-0464.html | |
CVE | CVE-2023-0466 | https://linux.oracle.com/cve/CVE-2023-0466.html | |
CVE | CVE-2023-1255 | https://linux.oracle.com/cve/CVE-2023-1255.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/openssl?distro=oraclelinux-9.2 | oraclelinux | openssl | < 3.0.7-16.0.1.el9_2 | oraclelinux-9.2 | ||
Affected | pkg:rpm/oraclelinux/openssl-perl?distro=oraclelinux-9.2 | oraclelinux | openssl-perl | < 3.0.7-16.0.1.el9_2 | oraclelinux-9.2 | ||
Affected | pkg:rpm/oraclelinux/openssl-libs?distro=oraclelinux-9.2 | oraclelinux | openssl-libs | < 3.0.7-16.0.1.el9_2 | oraclelinux-9.2 | ||
Affected | pkg:rpm/oraclelinux/openssl-devel?distro=oraclelinux-9.2 | oraclelinux | openssl-devel | < 3.0.7-16.0.1.el9_2 | oraclelinux-9.2 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |