ELSA-2021-4424

ELSA-2021-4424 - openssl security and bug fix update

Type: SECURITY
Impact: MODERATE
Release Date: 2021-11-16

Description


[1:1.1.1k-4]
- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
  as it introduces a regression: if the server has a DSA key pair, the handshake fails
  when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
  it has an effect on the 'ssl_reject_handshake' feature in nginx. Although this feature
  will continue to work, the TLS 1.3 protocol becomes unavailable/disabled. This is already
  known - https://trac.nginx.org/nginx/ticket/2071#comment:1
  As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
  could use the early callback instead of the servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534

[1:1.1.1k-3]
- Cleans up the peer point formats on renegotiation
- Resolves rhbz#1965362

[1:1.1.1k-2]
- Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
- Using safe primes for FIPS DH self-test

[1.1.1k-1]
- Update to version 1.1.1k

[1.1.1g-16]
- Use AI_ADDRCONFIG only when explicit host name is given
- Allow only curves defined in RFC 8446 in TLS 1.3


Related CVEs


CVE-2021-23840
CVE-2021-23841

Updated Packages


Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label
Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.el8.src.rpm | 3675e771b45ffab32bd16e8e434bc125bd98461ce1d874a4f29adbf4ff29a541 | - | ol8_aarch64_baseos_latest
Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.el8.src.rpm | 3675e771b45ffab32bd16e8e434bc125bd98461ce1d874a4f29adbf4ff29a541 | - | ol8_aarch64_u5_baseos_base
Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.el8.aarch64.rpm | a748acde99a0d2ad548e92404bab5a70d38e108c621a4691242674bf836b76c5 | - | ol8_aarch64_baseos_latest
Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.el8.aarch64.rpm | a748acde99a0d2ad548e92404bab5a70d38e108c621a4691242674bf836b76c5 | - | ol8_aarch64_u5_baseos_base
Oracle Linux 8 (aarch64) | openssl-devel-1.1.1k-4.el8.aarch64.rpm | 9350b47a1b817096c9b191ad9cb75b5330870ffa11065122166c053ff11544a2 | - | ol8_aarch64_baseos_latest
Oracle Linux 8 (aarch64) | openssl-devel-1.1.1k-4.el8.aarch64.rpm | 9350b47a1b817096c9b191ad9cb75b5330870ffa11065122166c053ff11544a2 | - | ol8_aarch64_u5_baseos_base
Oracle Linux 8 (aarch64) | openssl-libs-1.1.1k-4.el8.aarch64.rpm | d0b7ad1acc951ef9aa069add6e60e103c9f15be9514180e01edb839d5861d743 | - | ol8_aarch64_baseos_latest
Oracle Linux 8 (aarch64) | openssl-libs-1.1.1k-4.el8.aarch64.rpm | d0b7ad1acc951ef9aa069add6e60e103c9f15be9514180e01edb839d5861d743 | - | ol8_aarch64_u5_baseos_base
Oracle Linux 8 (aarch64) | openssl-perl-1.1.1k-4.el8.aarch64.rpm | c3722757fcd9d0aca64597d19099cfef19dd8f0ebff7b565c44c77302903ca04 | - | ol8_aarch64_baseos_latest
Oracle Linux 8 (aarch64) | openssl-perl-1.1.1k-4.el8.aarch64.rpm | c3722757fcd9d0aca64597d19099cfef19dd8f0ebff7b565c44c77302903ca04 | - | ol8_aarch64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.el8.src.rpm | 3675e771b45ffab32bd16e8e434bc125bd98461ce1d874a4f29adbf4ff29a541 | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.el8.src.rpm | 3675e771b45ffab32bd16e8e434bc125bd98461ce1d874a4f29adbf4ff29a541 | - | ol8_x86_64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.el8.x86_64.rpm | cc8be6b4c4b1a10f3d551eb33b3016947f30b0f30f5cf410941b9765641d6fbd | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.el8.x86_64.rpm | cc8be6b4c4b1a10f3d551eb33b3016947f30b0f30f5cf410941b9765641d6fbd | - | ol8_x86_64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-devel-1.1.1k-4.el8.i686.rpm | afa50bdbdd5fdca1839d867e8f58f52095af062e51adee0b1cfb815a964c67cd | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-devel-1.1.1k-4.el8.i686.rpm | afa50bdbdd5fdca1839d867e8f58f52095af062e51adee0b1cfb815a964c67cd | - | ol8_x86_64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-devel-1.1.1k-4.el8.x86_64.rpm | 3e065f375941a27cf90012c3974420075fceec29809909c075943d13b75b41d5 | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-devel-1.1.1k-4.el8.x86_64.rpm | 3e065f375941a27cf90012c3974420075fceec29809909c075943d13b75b41d5 | - | ol8_x86_64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-libs-1.1.1k-4.el8.i686.rpm | 9b3177c809fec07d51cf45058d1b61bfa71404823073e41ec21b51952e63302b | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-libs-1.1.1k-4.el8.i686.rpm | 9b3177c809fec07d51cf45058d1b61bfa71404823073e41ec21b51952e63302b | - | ol8_x86_64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-libs-1.1.1k-4.el8.x86_64.rpm | 0706fb60244866a5fb79450731f2813e863b4ab6e95397f5d44c548f5b6bd809 | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-libs-1.1.1k-4.el8.x86_64.rpm | 0706fb60244866a5fb79450731f2813e863b4ab6e95397f5d44c548f5b6bd809 | - | ol8_x86_64_u5_baseos_base
Oracle Linux 8 (x86_64) | openssl-perl-1.1.1k-4.el8.x86_64.rpm | 4cf484e84b4fe46529d18d8489da043c5b1cc3a11abcacf4c735e0362ba633fb | - | ol8_x86_64_baseos_latest
Oracle Linux 8 (x86_64) | openssl-perl-1.1.1k-4.el8.x86_64.rpm | 4cf484e84b4fe46529d18d8489da043c5b1cc3a11abcacf4c735e0362ba633fb | - | ol8_x86_64_u5_baseos_base



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team