Stay Connected:

ELSA-2023-0946

ELSA-2023-0946 - openssl security and bug fix update

Type:SECURITY
Impact:MODERATE
Release Date:2023-02-28

Description


[3.0.1-47.0.1]
- Replace upstream references [Orabug: 34340177]

[1:3.0.1-47]
- Fixed X.509 Name Constraints Read Buffer Overflow
Resolves: CVE-2022-4203
- Fixed Timing Oracle in RSA Decryption
Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
Resolves: CVE-2023-0215
- Fixed Invalid pointer dereference in d2i_PKCS7 functions
Resolves: CVE-2023-0216
- Fixed NULL dereference validating DSA public key
Resolves: CVE-2023-0217
- Fixed X.400 address type confusion in X.509 GeneralName
Resolves: CVE-2023-0286
- Fixed NULL dereference during PKCS7 data verification
Resolves: CVE-2023-0401

[1:3.0.1-46]
- Refactor OpenSSL fips module MAC verification
Resolves: rhbz#2158412
- Disallow SHAKE in RSA-OAEP decryption in FIPS mode
Resolves: rhbz#2144010

[1:3.0.1-45]
- Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects
Resolves: rhbz#2149010
- Fix explicit indicator for PSS salt length in FIPS mode when used with
negative magic values
Resolves: rhbz#2144012
- Update change to default PSS salt length with patch state from upstream
Related: rhbz#2144012

[1:3.0.1-44]
- SHAKE-128/256 are not allowed with RSA in FIPS mode
Resolves: rhbz#2144010
- Avoid memory leaks in TLS
Resolves: rhbz#2144008
- FIPS RSA CRT tests must use correct parameters
Resolves: rhbz#2144006
- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
Resolves: rhbz#2144017
- Remove support for X9.31 signature padding in FIPS mode
Resolves: rhbz#2144015
- Add explicit indicator for SP 800-108 KDFs with short key lengths
Resolves: rhbz#2144019
- Add explicit indicator for HMAC with short key lengths
Resolves: rhbz#2144000
- Set minimum password length for PBKDF2 in FIPS mode
Resolves: rhbz#2144003
- Add explicit indicator for PSS salt length in FIPS mode
Resolves: rhbz#2144012
- Clamp default PSS salt length to digest size for FIPS 186-4 compliance
Related: rhbz#2144012
- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
Resolves: rhbz#2145170


Related CVEs


CVE-2023-0401
CVE-2022-4450
CVE-2023-0216
CVE-2022-4304
CVE-2023-0217
CVE-2022-4203
CVE-2023-0215
CVE-2023-0286

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) openssl-3.0.1-47.0.1.el9_1.src.rpmaeb8ab82cdf9210d041b640ae472ab007ae6d9363776d0a7d09213f9807b8660-ol9_aarch64_appstream
openssl-3.0.1-47.0.1.el9_1.src.rpmaeb8ab82cdf9210d041b640ae472ab007ae6d9363776d0a7d09213f9807b8660-ol9_aarch64_baseos_latest
openssl-3.0.1-47.0.1.el9_1.src.rpmaeb8ab82cdf9210d041b640ae472ab007ae6d9363776d0a7d09213f9807b8660-ol9_aarch64_u1_baseos_patch
openssl-3.0.1-47.0.1.el9_1.aarch64.rpmdccdf846da62bd8ac1108942df6b5e8b7115043e3f31aad49989bf021b1f62f6-ol9_aarch64_baseos_latest
openssl-3.0.1-47.0.1.el9_1.aarch64.rpmdccdf846da62bd8ac1108942df6b5e8b7115043e3f31aad49989bf021b1f62f6-ol9_aarch64_u1_baseos_patch
openssl-devel-3.0.1-47.0.1.el9_1.aarch64.rpma53543280f8aabf27f0e63a55855d69c2ec86559ccd60d2e140f10babcd30301-ol9_aarch64_appstream
openssl-libs-3.0.1-47.0.1.el9_1.aarch64.rpm6c5e5918a8790bf3ff7fe81f0475aa81d0c93329faffc569ebdbecde47aea45e-ol9_aarch64_baseos_latest
openssl-libs-3.0.1-47.0.1.el9_1.aarch64.rpm6c5e5918a8790bf3ff7fe81f0475aa81d0c93329faffc569ebdbecde47aea45e-ol9_aarch64_u1_baseos_patch
openssl-perl-3.0.1-47.0.1.el9_1.aarch64.rpmc46911df7ef50c793137e6c6784526660026c6689071cb5193037a7adcf956cd-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) openssl-3.0.1-47.0.1.el9_1.src.rpmaeb8ab82cdf9210d041b640ae472ab007ae6d9363776d0a7d09213f9807b8660-ol9_x86_64_appstream
openssl-3.0.1-47.0.1.el9_1.src.rpmaeb8ab82cdf9210d041b640ae472ab007ae6d9363776d0a7d09213f9807b8660-ol9_x86_64_baseos_latest
openssl-3.0.1-47.0.1.el9_1.src.rpmaeb8ab82cdf9210d041b640ae472ab007ae6d9363776d0a7d09213f9807b8660-ol9_x86_64_u1_baseos_patch
openssl-3.0.1-47.0.1.el9_1.x86_64.rpmc59692751b158d08636dacfbde6447fb5dadd6795161d5eb837ccfd7966cdab4-ol9_x86_64_baseos_latest
openssl-3.0.1-47.0.1.el9_1.x86_64.rpmc59692751b158d08636dacfbde6447fb5dadd6795161d5eb837ccfd7966cdab4-ol9_x86_64_u1_baseos_patch
openssl-devel-3.0.1-47.0.1.el9_1.i686.rpmc71766ef79674dd1aa2904f593a0d074596350dafa6299c5becc13351eaa8145-ol9_x86_64_appstream
openssl-devel-3.0.1-47.0.1.el9_1.x86_64.rpmddf539462e0eb03612ab3446d671978d0c04839ce226b619b48670e8f6aa2fd5-ol9_x86_64_appstream
openssl-libs-3.0.1-47.0.1.el9_1.i686.rpmda6a89eedc2100a14831bb61de6d711d492873a58b7c727b6cc9820756e3ba30-ol9_x86_64_baseos_latest
openssl-libs-3.0.1-47.0.1.el9_1.i686.rpmda6a89eedc2100a14831bb61de6d711d492873a58b7c727b6cc9820756e3ba30-ol9_x86_64_u1_baseos_patch
openssl-libs-3.0.1-47.0.1.el9_1.x86_64.rpm217f491f46c46ac36fd390b423832b9e2a6129ab4e1f8ad9804c9880d81d1f3f-ol9_x86_64_baseos_latest
openssl-libs-3.0.1-47.0.1.el9_1.x86_64.rpm217f491f46c46ac36fd390b423832b9e2a6129ab4e1f8ad9804c9880d81d1f3f-ol9_x86_64_u1_baseos_patch
openssl-perl-3.0.1-47.0.1.el9_1.x86_64.rpmafb3dbc83cbde4dbc4851d45ae584b83616879074bf872a0e1fe81f096396b39-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights