Oracle Linux Security Advisory ELSA-2023-1405 https://linux.oracle.com/errata/ELSA-2023-1405.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: openssl-1.1.1k-9.el8_7.x86_64.rpm openssl-devel-1.1.1k-9.el8_7.i686.rpm openssl-devel-1.1.1k-9.el8_7.x86_64.rpm openssl-libs-1.1.1k-9.el8_7.i686.rpm openssl-libs-1.1.1k-9.el8_7.x86_64.rpm openssl-perl-1.1.1k-9.el8_7.x86_64.rpm aarch64: openssl-1.1.1k-9.el8_7.aarch64.rpm openssl-devel-1.1.1k-9.el8_7.aarch64.rpm openssl-libs-1.1.1k-9.el8_7.aarch64.rpm openssl-perl-1.1.1k-9.el8_7.aarch64.rpm SRPMS: https://oss.oracle.com/ol8/SRPMS-updates//openssl-1.1.1k-9.el8_7.src.rpm Related CVEs: CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 Description of changes: [1:1.1.1k-9] - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 [1:1.1.1k-8] - Fix no-ec build Resolves: rhbz#2071020 _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata