Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat: RHSA-2023-2523-01 Low: OpenSSL Fix Impacting RHEL 9

red hat
Calendar Grey May 9, 2023
Dist Redhat Esm H88
A patch has been released for openssl in Red Hat Enterprise Linux 9. The security assessment has been categorized as low, accompanied by comprehensive corrective measures.
An update for openssl is now available for Red Hat Enterprise Linux 9

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Summary

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory security issue update bug fix Red Hat Enterprise Linux openssl low impact

References

https://access.redhat.com/security/cve/CVE-2022-3358 https://access.redhat.com/security/updates/classification#low https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 9):
aarch64: openssl-debuginfo-3.0.7-6.el9_2.aarch64.rpm openssl-debugsource-3.0.7-6.el9_2.aarch64.rpm openssl-devel-3.0.7-6.el9_2.aarch64.rpm openssl-libs-debuginfo-3.0.7-6.el9_2.aarch64.rpm openssl-perl-3.0.7-6.el9_2.aarch64.rpm
ppc64le: openssl-debuginfo-3.0.7-6.el9_2.ppc64le.rpm openssl-debugsource-3.0.7-6.el9_2.ppc64le.rpm openssl-devel-3.0.7-6.el9_2.ppc64le.rpm openssl-libs-debuginfo-3.0.7-6.el9_2.ppc64le.rpm openssl-perl-3.0.7-6.el9_2.ppc64le.rpm
s390x: openssl-debuginfo-3.0.7-6.el9_2.s390x.rpm openssl-debugsource-3.0.7-6.el9_2.s390x.rpm openssl-devel-3.0.7-6.el9_2.s390x.rpm openssl-libs-debuginfo-3.0.7-6.el9_2.s390x.rpm openssl-perl-3.0.7-6.el9_2.s390x.rpm
x86_64: openssl-debuginfo-3.0.7-6.el9_2.i686.rpm openssl-debuginfo-3.0.7-6.el9_2.x86_64.rpm openssl-debugsource-3.0.7-6.el9_2.i686.rpm openssl-debugsource-3.0.7-6.el9_2.x86_64.rpm openssl-devel-3.0.7-6.el9_2.i686.rpm openssl-devel-3.0.7-6.el9_2.x86_64.rpm openssl-libs-debuginfo-3.0.7-6.el9_2.i686.rpm openssl-libs-debuginfo-3.0.7-6.el9_2.x86_64.rpm openssl-perl-3.0.7-6.el9_2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: openssl-3.0.7-6.el9_2.src.rpm
aarch64: openssl-3.0.7-6.el9_2.aarch64.rpm openssl-debuginfo-3.0.7-6.el9_2.aarch64.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:2523-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2523
Issue date: 2023-05-09

Topic

An update for openssl is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue update bug fix Red Hat Enterprise Linux openssl low impact

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2060044 - PSK ciphersuites at SECLEVEL=3

2083879 - -Wimplicit-function-declaration when compiling FIPS_mode() function with clang

2094956 - Overriding default property query settings doesn't work for some operations (FIPS mode)

2128412 - stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake

2129063 - Rebase to the latest openssl 3.0.x series

2133809 - OPENSSL_strcasecmp versioning

2134740 - CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption

2136250 - HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode

2137557 - In FIPS mode, openssl should set a minimum length for passwords in PBKDF2

2141597 - FIPS self-test data for RSA-CRT contains incorrect parameters2141695 - In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator

2141748 - In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16

2142087 - In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator

2142121 - In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator

2142131 - In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator

2142517 - OpenSSL PKCS#11 provider compatibility

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here