{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:6224","synopsis":"Moderate: openssl security and bug fix update","severity":"SEVERITY_MODERATE","topic":"An update for openssl is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2080323","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2080323","description":"openssl occasionally sends internal error to gnutls when using FFDHE [rhel-9.0.0.z]"},{"ticket":"2081494","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2081494","description":"CVE-2022-1292 openssl: c_rehash script allows command injection"},{"ticket":"2082584","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2082584","description":"OpenSSL FIPS module should not build in non-approved algorithms [rhel-9.0.0.z]"},{"ticket":"2082585","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2082585","description":"Change FIPS module version to include hash of specfile, patches and sources [rhel-9.0.0.z]"},{"ticket":"2085499","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085499","description":"openssl req defaults to 3DES 
[rhel-9.0.0.z]"},{"ticket":"2085500","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085500","description":"Specifying the openssl config file explicitly causes provider initialisation to fail in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2085521","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085521","description":"OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2086554","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2086554","description":"openssl s_server -groups secp256k1 in FIPS fails because X25519\/X448 [rhel-9.0.0.z]"},{"ticket":"2086866","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2086866","description":"Converting FIPS power-on self test to KAT [rhel-9.0.0.z]"},{"ticket":"2087234","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087234","description":"openssl in FIPS mode verifies SHA-1 signatures, but should not [rhel-9.0.0.z]"},{"ticket":"2087911","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087911","description":"CVE-2022-1343 openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS"},{"ticket":"2087913","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087913","description":"CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory"},{"ticket":"2091938","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091938","description":"Small RSA keys work for some operations in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2091977","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091977","description":"FIPS provider doesn't block RSA encryption for key transport [rhel-9.0.0.z]"},{"ticket":"2091994","sourceBy":"Red 
Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091994","description":"Incomplete filtering of ciphersuites in FIPS mode [rhel-9.0.0.z]"},{"ticket":"2095696","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2095696","description":"OpenSSL testsuite certificates expired [rhel-9.0.0.z]"},{"ticket":"2097310","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2097310","description":"CVE-2022-2068 openssl: the c_rehash script allows command injection"},{"ticket":"2101346","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2101346","description":"PPC 64 Montgomery mult is buggy [rhel-9.0.0.z]"},{"ticket":"2104905","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2104905","description":"CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes"},{"ticket":"2107530","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107530","description":"sscg FTBFS in rhel-9.1 [rhel-9.0.0.z]"},{"ticket":"2112978","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2112978","description":"[FIPS lab review] self-test [rhel-9.0.0.z]"},{"ticket":"2115856","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115856","description":"[FIPS lab review] DH tuning [rhel-9.0.0.z]"},{"ticket":"2115857","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115857","description":"[FIPS lab review] EC tuning [rhel-9.0.0.z]"},{"ticket":"2115858","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115858","description":"[FIPS lab review] RSA tuning [rhel-9.0.0.z]"},{"ticket":"2115859","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115859","description":"[FIPS lab review] RAND tuning [rhel-9.0.0.z]"},{"ticket":"2115861","sourceBy":"Red 
Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115861","description":"[FIPS lab review] zeroization [rhel-9.0.0.z]"},{"ticket":"2118388","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2118388","description":"[FIPS lab review] HKDF limitations [rhel-9.0.0.z]"}],"cves":[{"name":"CVE-2022-2068","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2068.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"6.7","cwe":"CWE-77"}],"references":[],"publishedAt":"2023-01-25T21:21:29.199409Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2022:6224 openssl security and bug fix update

January 25, 2023

Summary

An update for openssl is now available for Rocky Linux 9. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

No References

CVEs

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json

Severity: Moderate
Name: RLSA-2022:6224
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2080323

https://bugzilla.redhat.com/show_bug.cgi?id=2081494

https://bugzilla.redhat.com/show_bug.cgi?id=2082584

https://bugzilla.redhat.com/show_bug.cgi?id=2082585

https://bugzilla.redhat.com/show_bug.cgi?id=2085499

https://bugzilla.redhat.com/show_bug.cgi?id=2085500

https://bugzilla.redhat.com/show_bug.cgi?id=2085521

https://bugzilla.redhat.com/show_bug.cgi?id=2086554

https://bugzilla.redhat.com/show_bug.cgi?id=2086866

https://bugzilla.redhat.com/show_bug.cgi?id=2087234

https://bugzilla.redhat.com/show_bug.cgi?id=2087911

https://bugzilla.redhat.com/show_bug.cgi?id=2087913

https://bugzilla.redhat.com/show_bug.cgi?id=2091938

https://bugzilla.redhat.com/show_bug.cgi?id=2091977

https://bugzilla.redhat.com/show_bug.cgi?id=2091994

https://bugzilla.redhat.com/show_bug.cgi?id=2095696

https://bugzilla.redhat.com/show_bug.cgi?id=2097310

https://bugzilla.redhat.com/show_bug.cgi?id=2101346

https://bugzilla.redhat.com/show_bug.cgi?id=2104905

https://bugzilla.redhat.com/show_bug.cgi?id=2107530

https://bugzilla.redhat.com/show_bug.cgi?id=2112978

https://bugzilla.redhat.com/show_bug.cgi?id=2115856

https://bugzilla.redhat.com/show_bug.cgi?id=2115857

https://bugzilla.redhat.com/show_bug.cgi?id=2115858

https://bugzilla.redhat.com/show_bug.cgi?id=2115859

https://bugzilla.redhat.com/show_bug.cgi?id=2115861

https://bugzilla.redhat.com/show_bug.cgi?id=2118388
