
Mageia 8 - MGASA-2022-0255 Critical: OpenSSL Memory Issue

July 12, 2022
New OpenSSL updates address memory leak vulnerabilities in Mageia. Critical security notice released today.

Summary

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly-optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that already existed in memory and was not overwritten. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, both are unaffected. (CVE-2022-2097)

References

- https://bugs.mageia.org/show_bug.cgi?id=30619

- https://openssl-library.org/news/secadv/20220705.txt

- https://ubuntu.com/security/notices/USN-5502-1

- https://www.cve.org/CVERecord?id=CVE-2022-2097

Resolution

SRPMS

- 8/core/openssl-1.1.1q-1.mga8
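
A triage check for the three conditions in the summary (32-bit x86 build, AES-NI present, OpenSSL older than the 1.1.1q package listed above), added here as an example and not part of the Mageia advisory. The function name `ocb_exposure` and the sample host rows are constructed for illustration; versions outside the 1.1.1 series are reported as unknown because the advisory names only 1.1.1q.

```shell
#!/bin/sh
# Added example: triage for CVE-2022-2097. Prints a verdict, always returns 0.
#   $1  OpenSSL version, e.g. from: rpm -q --qf '%{VERSION}' openssl
#   $2  architecture of the libcrypto build, e.g. from: uname -m
#       (a 32-bit libcrypto on a 64-bit kernel still counts as 32-bit x86)
#   $3  CPU flags, e.g. from: grep -m1 '^flags' /proc/cpuinfo
ocb_exposure() {
    ver=$1 arch=$2 flags=$3

    # Condition 1: the flaw is in the 32-bit x86 assembly path only.
    case $arch in
        i[3-6]86) ;;
        *) echo "not-exposed: not a 32-bit x86 build"; return 0 ;;
    esac

    # Condition 2: the AES-NI implementation is only used when the CPU
    # advertises the "aes" flag (matched as a whole word, so "vaes" is ignored).
    case " $flags " in
        *" aes "*) ;;
        *) echo "not-exposed: CPU has no AES-NI"; return 0 ;;
    esac

    # Condition 3: the advisory's fixed package is 1.1.1q. Other release
    # series are not named on the page, so they are reported as unknown.
    case $ver in
        1.1.1|1.1.1[a-p]) echo "exposed: OpenSSL $ver predates 1.1.1q" ;;
        1.1.1[q-z]*)      echo "not-exposed: OpenSSL $ver is 1.1.1q or later" ;;
        *)                echo "unknown: $ver is outside the 1.1.1 series" ;;
    esac
    return 0
}

# Constructed sample hosts (not from the advisory): version|arch|cpu flags
while IFS='|' read -r v a f; do
    printf '%-7s %-7s %s\n' "$v" "$a" "$(ocb_exposure "$v" "$a" "$f")"
done <<'EOF'
1.1.1n|i686|fpu sse2 aes avx
1.1.1q|i686|fpu sse2 aes avx
1.1.1n|x86_64|fpu sse2 aes avx
1.1.1n|i586|fpu sse2
EOF
```

An `exposed` verdict means the preconditions are met; data is only at risk if an application on the host actually uses AES OCB mode through this libcrypto.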

Severity
critical

Publication date: 12 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0255.html
Type: security
CVE: CVE-2022-2097
