RedHat: RHSA-2022-7384:01 Critical: openssl-container security update
Summary
The ubi9/openssl image provides provides an openssl command-line tool for
using the various functions of the OpenSSL crypto library. Using the
OpenSSL tool, you can generate private keys, create certificate signing
requests (CSRs), and display certificate information.
This updates the ubi9/openssl image in the Red Hat Container Registry.
To pull this container image, run one of the following commands:
podman pull registry.redhat.io/rhel9/openssl (authenticated)
podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)
Security Fix(es):
* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.
References
https://access.redhat.com/security/cve/CVE-2022-3602 https://access.redhat.com/security/cve/CVE-2022-3786 https://access.redhat.com/security/updates/classification/#critical https://catalog.redhat.com/search https://access.redhat.com/security/vulnerabilities/RHSB-2022-004
Package List
Topic
An update for openssl-container is now available for Red Hat EnterpriseLinux 9.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2134869 - rebuild of openssl-container 9.0
2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow