ELSA-2021-4424

ELSA-2021-4424 - openssl security and bug fix update

Type: SECURITY
Severity: MODERATE
Release Date: 2021-11-16

Description


[1:1.1.1k-4]
- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
  as it introduces a regression: if the server has a DSA key pair, the handshake fails
  when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
  it has an effect on the 'ssl_reject_handshake' feature in nginx. Although this feature
  will continue to work, the TLS 1.3 protocol becomes unavailable/disabled. This is already
  known - https://trac.nginx.org/nginx/ticket/2071#comment:1
  As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
  could use the early callback instead of the servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534

[1:1.1.1k-3]
- Cleans up the peer point formats on renegotiation
- Resolves rhbz#1965362

[1:1.1.1k-2]
- Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
- Using safe primes for FIPS DH self-test

[1.1.1k-1]
- Update to version 1.1.1k

[1.1.1g-16]
- Use AI_ADDRCONFIG only when explicit host name is given
- Allow only curves defined in RFC 8446 in TLS 1.3


Related CVEs


CVE-2021-23840
CVE-2021-23841

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.el8.src.rpm | 071476e495b3b0954161ea654221be6e | - |
| | openssl-1.1.1k-4.el8.aarch64.rpm | 75e69e62fb222bd93bb35688bdc9704f | - |
| | openssl-devel-1.1.1k-4.el8.aarch64.rpm | 71f78971b880fc63d1aaa1a841558792 | - |
| | openssl-libs-1.1.1k-4.el8.aarch64.rpm | b740717e414dc485df548ee6dd410760 | - |
| | openssl-perl-1.1.1k-4.el8.aarch64.rpm | a72b504d026a9159445d735ab5c3da99 | - |
| Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.el8.src.rpm | 071476e495b3b0954161ea654221be6e | - |
| | openssl-1.1.1k-4.el8.x86_64.rpm | ea6a38aa550a55d332ba56271408ea63 | - |
| | openssl-devel-1.1.1k-4.el8.i686.rpm | 8e3a2c280c812defa1dc9d4faf5edd85 | - |
| | openssl-devel-1.1.1k-4.el8.x86_64.rpm | 9bbbe8e09e8fe8de98720f00433912a3 | - |
| | openssl-libs-1.1.1k-4.el8.i686.rpm | 4de39494c617b73a601ba0cc2fb85b90 | - |
| | openssl-libs-1.1.1k-4.el8.x86_64.rpm | 3bd59b20846e156e336c7d7458a887e7 | - |
| | openssl-perl-1.1.1k-4.el8.x86_64.rpm | d84b7d6fea70dde1df2163578117f254 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.
