Rocky Linux: RLSA-2022:6224 openssl security and bug fix update
{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:6224","synopsis":"Moderate: openssl security and bug fix update","severity":"SEVERITY_MODERATE","topic":"An update for openssl is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2080323","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2080323","description":"openssl occasionally sends internal error to gnutls when using FFDHE [rhel-9.0.0.z]"},{"ticket":"2081494","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2081494","description":"CVE-2022-1292 openssl: c_rehash script allows command injection"},{"ticket":"2082584","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2082584","description":"OpenSSL FIPS module should not build in non-approved algorithms [rhel-9.0.0.z]"},{"ticket":"2082585","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2082585","description":"Change FIPS module version to include hash of specfile, patches and sources [rhel-9.0.0.z]"},{"ticket":"2085499","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085499","description":"openssl req defaults to 3DES [rhel-9.0.0.z]"},{"ticket":"2085500","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085500","description":"Specifying the openssl config file explicitly causes provider initialisation to fail in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2085521","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085521","description":"OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2086554","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2086554","description":"openssl s_server -groups secp256k1 in FIPS fails because X25519\/X448 [rhel-9.0.0.z]"},{"ticket":"2086866","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2086866","description":"Converting FIPS power-on self test to KAT [rhel-9.0.0.z]"},{"ticket":"2087234","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087234","description":"openssl in FIPS mode verifies SHA-1 signatures, but should not [rhel-9.0.0.z]"},{"ticket":"2087911","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087911","description":"CVE-2022-1343 openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS"},{"ticket":"2087913","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087913","description":"CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory"},{"ticket":"2091938","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091938","description":"Small RSA keys work for some operations in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2091977","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091977","description":"FIPS provider doesn't block RSA encryption for key transport [rhel-9.0.0.z]"},{"ticket":"2091994","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091994","description":"Incomplete filtering of ciphersuites in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2095696","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2095696","description":"OpenSSL testsuite certificates expired [rhel-9.0.0.z]"},{"ticket":"2097310","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2097310","description":"CVE-2022-2068 openssl: the c_rehash script allows command injection"},{"ticket":"2101346","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2101346","description":"PPC 64 Montgomery mult is buggy [rhel-9.0.0.z]"},{"ticket":"2104905","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2104905","description":"CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes"},{"ticket":"2107530","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107530","description":"sscg FTBFS in rhel-9.1 [rhel-9.0.0.z]"},{"ticket":"2112978","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2112978","description":"[FIPS lab review] self-test [rhel-9.0.0.z]"},{"ticket":"2115856","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115856","description":"[FIPS lab review] DH tuning [rhel-9.0.0.z]"},{"ticket":"2115857","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115857","description":"[FIPS lab review] EC tuning [rhel-9.0.0.z]"},{"ticket":"2115858","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115858","description":"[FIPS lab review] RSA tuning [rhel-9.0.0.z]"},{"ticket":"2115859","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115859","description":"[FIPS lab review] RAND tuning [rhel-9.0.0.z]"},{"ticket":"2115861","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115861","description":"[FIPS lab review] zeroization [rhel-9.0.0.z]"},{"ticket":"2118388","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2118388","description":"[FIPS lab review] HKDF limitations [rhel-9.0.0.z]"}],"cves":[{"name":"CVE-2022-2068","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2068.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"6.7","cwe":"CWE-77"}],"references":[],"publishedAt":"2023-01-25T21:21:29.199409Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}


January 25, 2023
