Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

Oracle Linux 9: ELSA-2023-0946 Moderate Update for OpenSSL Issues

oracle
Calendar Grey February 28, 2023
Scroller Oracle
Oracle Linux has released updates addressing urgent OpenSSL security vulnerabilities. It's essential to verify available updates and implement them promptly.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.1-46] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2158412 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2144010 [1:3.0.1-45] - Add support of X25519 and X448 "group" parameter in EVP_PKEY_CTX objects Resolves: rhbz#2149010 - Fix explicit indi...

Read the Full Advisory

SRPMs

https://oss.oracle.com:443/ol9/SRPMS-updates//openssl-3.0.1-47.0.1.el9_1.src.rpm

x86_64

openssl-3.0.1-47.0.1.el9_1.x86_64.rpm openssl-devel-3.0.1-47.0.1.el9_1.i686.rpm openssl-devel-3.0.1-47.0.1.el9_1.x86_64.rpm openssl-libs-3.0.1-47.0.1.el9_1.i686.rpm openssl-libs-3.0.1-47.0.1.el9_1.x86_64.rpm openssl-perl-3.0.1-47.0.1.el9_1.x86_64.rpm

aarch64

openssl-3.0.1-47.0.1.el9_1.aarch64.rpm openssl-devel-3.0.1-47.0.1.el9_1.aarch64.rpm openssl-libs-3.0.1-47.0.1.el9_1.aarch64.rpm openssl-perl-3.0.1-47.0.1.el9_1.aarch64.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0401

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.