ELBA-2024-12341

ELBA-2024-12341 - openssl bug fix update

Type: BUG
Severity: NA
Release Date: 2024-04-23

Description


[1:3.0.7-25.0.1_fips]
- Replace upstream references in fips man pages [Orabug: 35824276]
- Add FIPS package change: add fips suffix to Release and
set Epoch to 10 [Orabug: 35824276]
- Update FIPS module name and remove upstream references from
fips_module_indicators manpage [Orabug: 35824276]

[1:3.0.7-25.0.1]
- Replace upstream references [Orabug: 34340177]

[1:3.0.7-25]
- Provide relevant diagnostics when FIPS checksum is corrupted
Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode.
Resolves: RHEL-5295
- Provide empty evp_properties section in main OpenSSL configuration file
Resolves: RHEL-11439
- Avoid implicit function declaration when building openssl
Resolves: RHEL-1780
- Forbid explicit curves when created via EVP_PKEY_fromdata
Resolves: RHEL-5304
- AES-SIV cipher implementation contains a bug that causes it to ignore empty
associated data entries (CVE-2023-2975)
Resolves: RHEL-5302
- Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Resolves: RHEL-5306
- Excessive time spent checking DH q parameter value (CVE-2023-3817)
Resolves: RHEL-5308
- Fix incorrect cipher key and IV length processing (CVE-2023-5363)
Resolves: RHEL-13251
- Switch explicit FIPS indicator for RSA-OAEP to approved following
clarification with CMVP
Resolves: RHEL-14083
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
Resolves: RHEL-14083
- Add missing ECDH Public Key Check in FIPS mode
Resolves: RHEL-15990
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
Resolves: RHEL-15954




Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| --- | --- | --- | --- | --- |
| Oracle Linux 9 (aarch64) | openssl-3.0.7-25.0.1.el9_3_fips.src.rpm | fc797e0d1b283da90b66bdd21e457ab3 | - | ol9_aarch64_u3_security_validation |
| | openssl-3.0.7-25.0.1.el9_3_fips.aarch64.rpm | cb5726c652b819691ce436c2a5fa740d | - | ol9_aarch64_u3_security_validation |
| | openssl-devel-3.0.7-25.0.1.el9_3_fips.aarch64.rpm | d43e636200442824d496c0dd4429df32 | - | ol9_aarch64_u3_security_validation |
| | openssl-libs-3.0.7-25.0.1.el9_3_fips.aarch64.rpm | 988c36cae1362d02d4a2c0dce9ca5abe | - | ol9_aarch64_u3_security_validation |
| | openssl-perl-3.0.7-25.0.1.el9_3_fips.aarch64.rpm | e6e67da00ad23cd0cc04b6c42bb94c03 | - | ol9_aarch64_u3_security_validation |
| Oracle Linux 9 (x86_64) | openssl-3.0.7-25.0.1.el9_3_fips.src.rpm | fc797e0d1b283da90b66bdd21e457ab3 | - | ol9_x86_64_u3_security_validation |
| | openssl-3.0.7-25.0.1.el9_3_fips.x86_64.rpm | e591f9a7ffdbb4e98cac26677532d10b | - | ol9_x86_64_u3_security_validation |
| | openssl-devel-3.0.7-25.0.1.el9_3_fips.i686.rpm | c82f248efc5258ddafa24344290352a6 | - | ol9_x86_64_u3_security_validation |
| | openssl-devel-3.0.7-25.0.1.el9_3_fips.x86_64.rpm | 1f0c03fcb5e267dcffb9894a69931e93 | - | ol9_x86_64_u3_security_validation |
| | openssl-libs-3.0.7-25.0.1.el9_3_fips.i686.rpm | 62e9d09fa2472ecf985142c27e3bfcdd | - | ol9_x86_64_u3_security_validation |
| | openssl-libs-3.0.7-25.0.1.el9_3_fips.x86_64.rpm | 468753463e9f49caea0b3a81122d3e13 | - | ol9_x86_64_u3_security_validation |
| | openssl-perl-3.0.7-25.0.1.el9_3_fips.x86_64.rpm | a80c74919cb4151998151c7f83c95485 | - | ol9_x86_64_u3_security_validation |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
