ELSA-2021-4424
- ULN >
- Oracle Linux Errata repository >
- ELSA-2021-4424
ELSA-2021-4424 - openssl security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2021-11-16 |
Description
[1:1.1.1k-4]
- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
as it introduces a regression if server has a DSA key pair, the handshake fails
when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
it has an effect on the 'ssl_reject_handshake' feature in nginx. Although, this feature
will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
known - https://trac.nginx.org/nginx/ticket/2071#comment:1
As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
could early callback instead of servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534
[1:1.1.1k-3]
- Cleansup the peer point formats on renegotiation
- Resolves rhbz#1965362
[1:1.1.1k-2]
- Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
- Using safe primes for FIPS DH self-test
[1.1.1k-1]
- Update to version 1.1.1k
[1.1.1g-16]
- Use AI_ADDRCONFIG only when explicit host name is given
- Allow only curves defined in RFC 8446 in TLS 1.3
Related CVEs
| CVE-2021-23840 |
| CVE-2021-23841 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.el8.src.rpm | 071476e495b3b0954161ea654221be6e | - |
| openssl-1.1.1k-4.el8.aarch64.rpm | 75e69e62fb222bd93bb35688bdc9704f | - | |
| openssl-devel-1.1.1k-4.el8.aarch64.rpm | 71f78971b880fc63d1aaa1a841558792 | - | |
| openssl-libs-1.1.1k-4.el8.aarch64.rpm | b740717e414dc485df548ee6dd410760 | - | |
| openssl-perl-1.1.1k-4.el8.aarch64.rpm | a72b504d026a9159445d735ab5c3da99 | - | |
| Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.el8.src.rpm | 071476e495b3b0954161ea654221be6e | - |
| openssl-1.1.1k-4.el8.x86_64.rpm | ea6a38aa550a55d332ba56271408ea63 | - | |
| openssl-devel-1.1.1k-4.el8.i686.rpm | 8e3a2c280c812defa1dc9d4faf5edd85 | - | |
| openssl-devel-1.1.1k-4.el8.x86_64.rpm | 9bbbe8e09e8fe8de98720f00433912a3 | - | |
| openssl-libs-1.1.1k-4.el8.i686.rpm | 4de39494c617b73a601ba0cc2fb85b90 | - | |
| openssl-libs-1.1.1k-4.el8.x86_64.rpm | 3bd59b20846e156e336c7d7458a887e7 | - | |
| openssl-perl-1.1.1k-4.el8.x86_64.rpm | d84b7d6fea70dde1df2163578117f254 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
