RedHat: RHSA-2022-7384:01 Critical: openssl-container security upda...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: openssl-container security update
Advisory ID:       RHSA-2022:7384-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7384
Issue date:        2022-11-02
CVE Names:         CVE-2022-3602 CVE-2022-3786 
=====================================================================

1. Summary:

An update for openssl-container is now available for Red Hat Enterprise
Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The ubi9/openssl image provides provides an openssl command-line tool for
using the various functions of the OpenSSL crypto library. Using the
OpenSSL tool, you can generate private keys, create certificate signing
requests (CSRs), and display certificate information.

This updates the ubi9/openssl image in the Red Hat Container Registry.

To pull this container image, run one of the following commands:

    podman pull registry.redhat.io/rhel9/openssl (authenticated)
    podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)

Security Fix(es):

* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

4. Bugs fixed (https://bugzilla.redhat.com/):

2134869 - rebuild of openssl-container 9.0
2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow

5. References:

https://access.redhat.com/security/cve/CVE-2022-3602
https://access.redhat.com/security/cve/CVE-2022-3786
https://access.redhat.com/security/updates/classification/#critical
https://catalog.redhat.com/software/containers/search
https://access.redhat.com/security/vulnerabilities/RHSB-2022-004

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY2MRgtzjgjWX9erEAQgHMBAAgjuU0cGu47ptVYHjuJHUUBIrQaAjqcwW
MffMcu54pXHcKaFi0FV7moAJ5mawQWAamunMaleKScdinaYMk9W8RtLg8jO9flpm
vN1tTVvIyoSQ9KKe/1jde37VbtkNL5FmV9uWfMCL55qqF4FL0a6zFLbPDjWXaxh9
UvXds0G1JqUkHnSCrxIMP9UJrTvMQRxI06BfBkstMbfdUd26gfmcyTux9IyVZQnc
YKnDaYKsMGmy+iX1Fe7FlfnAyA04MEVsqCa82MbD47TDRmFtrkurZO0R71MDGVVZ
75AnDX+Z5o6Z7tZcmXWdz67aEZ4ApPVqvRjtd7D8LDGfJCDZC0HTS0cvUozJOqsL
cl3owpI3Kj+bx8S+dtfjgRfMNXU4IRl4T+qSTBwE1jEY/s44NvJjGYDBGUqneUtF
V7Hv7JkApSgx5OxLz2zK75DiGqL9fD/qpNHhj73KHWvvSKvNEGlmkIWWF1wkC5XO
Z/Ld5Q/FW9bchkQwxEJuxykzukzn2m6xUqVKjfB4ErhCBfoqredYY7jcNLYJcgOU
BNaR9kH1kRRp2F55QmA03dxU6FPn4N1CoOHJsrxvF4lIXkrgCzu9QTVPqOONSg+i
dQJYzvrv9r7E0AT7iSOzlBj3VUZqL3NktNb+4fOY9RwgRMdkBBi0ofykujSXeI2S
8OZlzBFtsPA=
=1WnU
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-7384:01 Critical: openssl-container security update

An update for openssl-container is now available for Red Hat Enterprise Linux 9

Summary

The ubi9/openssl image provides provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Using the OpenSSL tool, you can generate private keys, create certificate signing requests (CSRs), and display certificate information.
This updates the ubi9/openssl image in the Red Hat Container Registry.
To pull this container image, run one of the following commands:
podman pull registry.redhat.io/rhel9/openssl (authenticated) podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)
Security Fix(es):
* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258For the update to take effect, all services linked to the OpenSSL librarymust be restarted, or the system rebooted.

References

https://access.redhat.com/security/cve/CVE-2022-3602 https://access.redhat.com/security/cve/CVE-2022-3786 https://access.redhat.com/security/updates/classification/#critical https://catalog.redhat.com/software/containers/search https://access.redhat.com/security/vulnerabilities/RHSB-2022-004

Package List

Severity
Advisory ID: RHSA-2022:7384-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7384
Issued Date: : 2022-11-02
CVE Names: CVE-2022-3602 CVE-2022-3786

Topic

An update for openssl-container is now available for Red Hat EnterpriseLinux 9.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2134869 - rebuild of openssl-container 9.0

2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.