ELSA-2022-4899

ELSA-2022-4899 - compat-openssl11 security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-06-30

Description

[1:1.1.1k-4.0.1]
- Backport upstream PRs 18446 and 18481 which update
certificates used for the self-tests [Orabug: 34326055]

[1:1.1.1k-4]
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Resolves: rhbz#2063147
- Disable FIPS mode; it does not work and will not be certified
Resolves: rhbz#2091968

Related CVEs

CVE-2022-0778

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	compat-openssl11-1.1.1k-4.0.1.el9_0.src.rpm	eba55c446b4fccb802b79c3af3acf4a8afc897d4c29bea5aecd446f0159c4861	-	ol9_aarch64_appstream
	compat-openssl11-1.1.1k-4.0.1.el9_0.src.rpm	eba55c446b4fccb802b79c3af3acf4a8afc897d4c29bea5aecd446f0159c4861	-	ol9_aarch64_appstream_developer
	compat-openssl11-1.1.1k-4.0.1.el9_0.aarch64.rpm	b44f5a11523097d768ea5dacae48b7013c2c185ffd558f96f1adef42e3331e62	-	ol9_aarch64_appstream
	compat-openssl11-1.1.1k-4.0.1.el9_0.aarch64.rpm	b44f5a11523097d768ea5dacae48b7013c2c185ffd558f96f1adef42e3331e62	-	ol9_aarch64_appstream_developer
Oracle Linux 9 (x86_64)	compat-openssl11-1.1.1k-4.0.1.el9_0.src.rpm	eba55c446b4fccb802b79c3af3acf4a8afc897d4c29bea5aecd446f0159c4861	-	ol9_x86_64_appstream
	compat-openssl11-1.1.1k-4.0.1.el9_0.src.rpm	eba55c446b4fccb802b79c3af3acf4a8afc897d4c29bea5aecd446f0159c4861	-	ol9_x86_64_appstream_developer
	compat-openssl11-1.1.1k-4.0.1.el9_0.i686.rpm	7f89d2f5212eeeb2b31778e68f24f2375752df13b8e91cefc95b319b6f619c5c	-	ol9_x86_64_appstream
	compat-openssl11-1.1.1k-4.0.1.el9_0.i686.rpm	7f89d2f5212eeeb2b31778e68f24f2375752df13b8e91cefc95b319b6f619c5c	-	ol9_x86_64_appstream_developer
	compat-openssl11-1.1.1k-4.0.1.el9_0.x86_64.rpm	b6902268e800dfc10d35a26738531838cc60c60ff6b9cc99d71c86d57205e242	-	ol9_x86_64_appstream
	compat-openssl11-1.1.1k-4.0.1.el9_0.x86_64.rpm	b6902268e800dfc10d35a26738531838cc60c60ff6b9cc99d71c86d57205e242	-	ol9_x86_64_appstream_developer

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team