ELSA-2021-9561
- ULN >
- Oracle Linux Errata repository >
- ELSA-2021-9561
ELSA-2021-9561 - openssl security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2021-11-23 |
Description
[1:1.1.1k-4]
- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
as it introduces a regression if server has a DSA key pair, the handshake fails
when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
it has an effect on the 'ssl_reject_handshake' feature in nginx. Although, this feature
will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
known - https://trac.nginx.org/nginx/ticket/2071#comment:1
As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
could early callback instead of servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534
[1:1.1.1k-3]
- Cleansup the peer point formats on renegotiation
- Resolves rhbz#1965362
[1:1.1.1k-2]
- Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
- Using safe primes for FIPS DH self-test
[1.1.1k-1]
- Update to version 1.1.1k
[1.1.1g-16]
- Use AI_ADDRCONFIG only when explicit host name is given
- Allow only curves defined in RFC 8446 in TLS 1.3
Related CVEs
| CVE-2021-23840 |
| CVE-2021-23841 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 8 (aarch64) | openssl-1.1.1k-4.ksplice1.el8.src.rpm | 176cb0b771d8d2a3654d4d60992d9dc0 | - |
| openssl-1.1.1k-4.ksplice1.el8.aarch64.rpm | fe2e4be7a82d51ea896556543fdce73b | - | |
| openssl-debugsource-1.1.1k-4.ksplice1.el8.aarch64.rpm | 6a322424ed2089a0c4eeb934120ad4ab | - | |
| openssl-devel-1.1.1k-4.ksplice1.el8.aarch64.rpm | 80b2354ef81a866ef51459b29aa9b0ef | - | |
| openssl-libs-1.1.1k-4.ksplice1.el8.aarch64.rpm | a1b6976fa9f4d63bb8943028406913cc | - | |
| openssl-perl-1.1.1k-4.ksplice1.el8.aarch64.rpm | 4f2b3f520dc7aa24b97bc64323f3c87e | - | |
| openssl-static-1.1.1k-4.ksplice1.el8.aarch64.rpm | 3e2dc7bb6933a1c6ac9cb6bdd7401698 | - | |
| Oracle Linux 8 (x86_64) | openssl-1.1.1k-4.ksplice1.el8.src.rpm | 47eaeadccf08303b74077b9c98c636b1 | - |
| openssl-1.1.1k-4.ksplice1.el8.x86_64.rpm | ec8a20fb24d306eb29b6d345e8c34c02 | - | |
| openssl-devel-1.1.1k-4.ksplice1.el8.i686.rpm | c1e3991ad1b503ce3be45b3129bb766a | - | |
| openssl-devel-1.1.1k-4.ksplice1.el8.x86_64.rpm | b1f1e47b288724bb1b3db272f35f66eb | - | |
| openssl-libs-1.1.1k-4.ksplice1.el8.i686.rpm | 4144de701c2c90475eeb997018f594b1 | - | |
| openssl-libs-1.1.1k-4.ksplice1.el8.x86_64.rpm | 617cd6ac8cb6656988b9b41a9e6d8813 | - | |
| openssl-perl-1.1.1k-4.ksplice1.el8.x86_64.rpm | 7225bb0f0c7c3988942c5d9536633262 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
