Oracle9: ELSA-2023-3722: openssl Moderate Security Update
Summary
[3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2178030 [1:3.0.7-15] - Enforce using EMS in FIPS mode - alerts tuning Related: rhbz#2157951 [1:3.0.7-14] - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 [1:3.0.7-13] - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 [1:3.0.7-12] - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 [1:3.0.7-11] - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 [1:3.0.7-10] - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 [1:3.0.7-9] - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 [1:3.0.7-8] - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 [1:3.0.7-7] - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224
SRPMs
https://oss.oracle.com:443/ol9/SRPMS-updates//openssl-3.0.7-16.0.1.el9_2.src.rpm
x86_64
openssl-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-devel-3.0.7-16.0.1.el9_2.i686.rpm openssl-devel-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-libs-3.0.7-16.0.1.el9_2.i686.rpm openssl-libs-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-perl-3.0.7-16.0.1.el9_2.x86_64.rpm
aarch64
openssl-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-devel-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-libs-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-perl-3.0.7-16.0.1.el9_2.aarch64.rpm
i386
