Oracle Linux Security Advisory ELSA-2023-3722 https://linux.oracle.com/errata/ELSA-2023-3722.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: openssl-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-devel-3.0.7-16.0.1.el9_2.i686.rpm openssl-devel-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-libs-3.0.7-16.0.1.el9_2.i686.rpm openssl-libs-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-perl-3.0.7-16.0.1.el9_2.x86_64.rpm aarch64: openssl-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-devel-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-libs-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-perl-3.0.7-16.0.1.el9_2.aarch64.rpm SRPMS: https://oss.oracle.com/ol9/SRPMS-updates//openssl-3.0.7-16.0.1.el9_2.src.rpm Related CVEs: CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-1255 CVE-2023-2650 Description of changes: [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2178030 [1:3.0.7-15] - Enforce using EMS in FIPS mode - alerts tuning Related: rhbz#2157951 [1:3.0.7-14] - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 [1:3.0.7-13] - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 [1:3.0.7-12] - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 [1:3.0.7-11] - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 [1:3.0.7-10] - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 [1:3.0.7-9] - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 [1:3.0.7-8] - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 [1:3.0.7-7] - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224 _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata
Oracle9: ELSA-2023-3722: openssl Moderate Security Update
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Summary
[3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2178030 [1:3.0.7-15] - Enforce using EMS in FIPS mode - alerts tuning Related: rhbz#2157951 [1:3.0.7-14] - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 [1:3.0.7-13] - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 [1:3.0.7-12] - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 [1:3.0.7-11] - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 [1:3.0.7-10] - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 [1:3.0.7-9] - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 [1:3.0.7-8] - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 [1:3.0.7-7] - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224
SRPMs
https://oss.oracle.com/ol9/SRPMS-updates//openssl-3.0.7-16.0.1.el9_2.src.rpm
x86_64
openssl-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-devel-3.0.7-16.0.1.el9_2.i686.rpm openssl-devel-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-libs-3.0.7-16.0.1.el9_2.i686.rpm openssl-libs-3.0.7-16.0.1.el9_2.x86_64.rpm openssl-perl-3.0.7-16.0.1.el9_2.x86_64.rpm
aarch64
openssl-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-devel-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-libs-3.0.7-16.0.1.el9_2.aarch64.rpm openssl-perl-3.0.7-16.0.1.el9_2.aarch64.rpm
i386
Severity
Related CVEs:
CVE-2023-0464
CVE-2023-0465
CVE-2023-0466
CVE-2023-1255
CVE-2023-2650
News
HOWTOs
Features
About Us
Powered By
