[ELSA-2024-2447] openssl and openssl-fips-provider security update
openssl
[1:3.0.7-27.0.3]
- Enable openssl-fips-provider dependency [Orabug: 36504822]
[1:3.0.7-27.0.2]
- Temporarily disable openssl-fips-provider dependency [Orabug: 36504822]
[1:3.0.7-27.0.1]
- Replace upstream references [Orabug: 34340177]
[1:3.0.7-27]
- Use certified FIPS module instead of freshly built one in Red Hat distribution
Related: RHEL-23474
[1:3.0.7-26]
- Avoid implicit function declaration when building openssl
Related: RHEL-1780
- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
Resolves: RHEL-17104
- Add a directory for OpenSSL providers configuration
Resolves: RHEL-17193
- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
Resolves: RHEL-19515
- POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
Resolves: RHEL-21151
- Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
Resolves: RHEL-21654
- SSL ECDHE Kex fails when pkcs11 engine is set in config file
Resolves: RHEL-20249
- Denial of service via null dereference in PKCS#12
Resolves: RHEL-22486
- Use certified FIPS module instead of freshly built one in Red Hat distribution
Resolves: RHEL-23474
openssl-fips-provider
[3.0.7-2.0.1]
- Add bundle with Oracle Linux 9 OpenSSL FIPS Provider module files [Orabug: 36504822]
- Replace upstream references [Orabug: 34340177]
[3.0.7-2]
- Denote conflict with old versions of openssl-libs package
Related: RHEL-23474
[3.0.7-1]
Initial packaging
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/openssl?distro=oraclelinux-9 | < 3.0.7-27.0.3.el9 |
pkg:rpm/oraclelinux/openssl-perl?distro=oraclelinux-9 | < 3.0.7-27.0.3.el9 |
pkg:rpm/oraclelinux/openssl-libs?distro=oraclelinux-9 | < 3.0.7-27.0.3.el9 |
pkg:rpm/oraclelinux/openssl-fips-provider?distro=oraclelinux-9 | < 3.0.7-2.0.1.el9 |
pkg:rpm/oraclelinux/openssl-devel?distro=oraclelinux-9 | < 3.0.7-27.0.3.el9 |
- ID: ELSA-2024-2447
- Severity: low
- URL: https://linux.oracle.com/errata/ELSA-2024-2447.html
- Published: 2024-05-03T00:00:00
- Modified: 2024-05-03T00:00:00
- Rights: Copyright 2024 Oracle, Inc.
- Other Advisories:
- ALAS-2023-1843
- ALAS-2023-1891
- ALAS2-2023-2205
- ALAS2-2023-2226
- ALAS2-2023-2246
- ALAS2-2023-2350
- ALAS2-2023-2351
- ALAS2-2024-2478
- ALAS2-2024-2479
- ALAS2-2024-2483
- ALAS2-2024-2502
- ALPINE:CVE-2023-2975
- ALPINE:CVE-2023-3446
- ALPINE:CVE-2023-3817
- ALPINE:CVE-2023-5678
- ALPINE:CVE-2023-6129
- ALPINE:CVE-2023-6237
- ALPINE:CVE-2024-0727
- ALSA-2023:7877
- ALSA-2024:0888
- ALSA-2024:2264
- ALSA-2024:2447
- ELSA-2023-7877
- ELSA-2024-0888
- ELSA-2024-12056
- ELSA-2024-2264
- FREEBSD:10DEE731-C069-11EE-9190-84A93843EB75
- FREEBSD:22DF5074-71CD-11EE-85EB-84A93843EB75
- FREEBSD:41C60E16-2405-11EE-A0D1-84A93843EB75
- FREEBSD:8337251B-B07B-11EE-B0D7-84A93843EB75
- FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75
- FREEBSD:BAD6588E-2FE0-11EE-A0D1-84A93843EB75
- GLSA-202402-08
- MS:CVE-2023-3817
- RHSA-2023:7877
- RHSA-2024:0888
- RHSA-2024:2264
- RHSA-2024:2447
- RLSA-2024:2264
- SSA:2023-213-01
- SSA:2024-199-01
- SUSE-SU-2023:2961-1
- SUSE-SU-2023:2962-1
- SUSE-SU-2023:2964-1
- SUSE-SU-2023:2965-1
- SUSE-SU-2023:2972-1
- SUSE-SU-2023:2973-1
- SUSE-SU-2023:3011-1
- SUSE-SU-2023:3012-1
- SUSE-SU-2023:3013-1
- SUSE-SU-2023:3093-1
- SUSE-SU-2023:3096-1
- SUSE-SU-2023:3160-1
- SUSE-SU-2023:3179-1
- SUSE-SU-2023:3239-1
- SUSE-SU-2023:3242-1
- SUSE-SU-2023:3243-1
- SUSE-SU-2023:3244-1
- SUSE-SU-2023:3244-2
- SUSE-SU-2023:3291-1
- SUSE-SU-2023:3291-2
- SUSE-SU-2023:3308-1
- SUSE-SU-2023:3338-1
- SUSE-SU-2023:3339-1
- SUSE-SU-2023:3397-1
- SUSE-SU-2023:3958-1
- SUSE-SU-2023:4189-1
- SUSE-SU-2023:4190-1
- SUSE-SU-2023:4488-1
- SUSE-SU-2023:4489-1
- SUSE-SU-2023:4518-1
- SUSE-SU-2023:4519-1
- SUSE-SU-2023:4520-1
- SUSE-SU-2023:4521-1
- SUSE-SU-2023:4522-1
- SUSE-SU-2023:4523-1
- SUSE-SU-2023:4524-1
- SUSE-SU-2023:4593-1
- SUSE-SU-2023:4635-1
- SUSE-SU-2023:4649-1
- SUSE-SU-2023:4918-1
- SUSE-SU-2023:4919-1
- SUSE-SU-2024:0172-1
- SUSE-SU-2024:0518-1
- SUSE-SU-2024:0549-1
- SUSE-SU-2024:0813-1
- SUSE-SU-2024:0814-1
- SUSE-SU-2024:0815-1
- SUSE-SU-2024:0831-1
- SUSE-SU-2024:0832-1
- SUSE-SU-2024:0833-1
- SUSE-SU-2024:0840-1
- SUSE-SU-2024:0841-1
- SUSE-SU-2024:0842-1
- USN-6435-1
- USN-6435-2
- USN-6450-1
- USN-6622-1
- USN-6632-1
- USN-6709-1
- USN-7018-1
Source | ID | URL |
---|---|---|
elsa | ELSA-2024-2447 | https://linux.oracle.com/errata/ELSA-2024-2447.html |
CVE | CVE-2023-6237 | https://linux.oracle.com/cve/CVE-2023-6237.html |
CVE | CVE-2023-3817 | https://linux.oracle.com/cve/CVE-2023-3817.html |
CVE | CVE-2023-6129 | https://linux.oracle.com/cve/CVE-2023-6129.html |
CVE | CVE-2024-0727 | https://linux.oracle.com/cve/CVE-2024-0727.html |
CVE | CVE-2023-2975 | https://linux.oracle.com/cve/CVE-2023-2975.html |
CVE | CVE-2023-5678 | https://linux.oracle.com/cve/CVE-2023-5678.html |
CVE | CVE-2023-3446 | https://linux.oracle.com/cve/CVE-2023-3446.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/openssl?distro=oraclelinux-9 | oraclelinux | openssl | < 3.0.7-27.0.3.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/openssl-perl?distro=oraclelinux-9 | oraclelinux | openssl-perl | < 3.0.7-27.0.3.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/openssl-libs?distro=oraclelinux-9 | oraclelinux | openssl-libs | < 3.0.7-27.0.3.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/openssl-fips-provider?distro=oraclelinux-9 | oraclelinux | openssl-fips-provider | < 3.0.7-2.0.1.el9 | oraclelinux-9 | | |
Affected | pkg:rpm/oraclelinux/openssl-devel?distro=oraclelinux-9 | oraclelinux | openssl-devel | < 3.0.7-27.0.3.el9 | oraclelinux-9 | | |