ELSA-2023-0946
- ULN >
- Oracle Linux Errata repository >
- ELSA-2023-0946
ELSA-2023-0946 - openssl security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2023-02-28 |
Description
[3.0.1-47.0.1]
- Replace upstream references [Orabug: 34340177]
[1:3.0.1-47]
- Fixed X.509 Name Constraints Read Buffer Overflow
Resolves: CVE-2022-4203
- Fixed Timing Oracle in RSA Decryption
Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
Resolves: CVE-2023-0215
- Fixed Invalid pointer dereference in d2i_PKCS7 functions
Resolves: CVE-2023-0216
- Fixed NULL dereference validating DSA public key
Resolves: CVE-2023-0217
- Fixed X.400 address type confusion in X.509 GeneralName
Resolves: CVE-2023-0286
- Fixed NULL dereference during PKCS7 data verification
Resolves: CVE-2023-0401
[1:3.0.1-46]
- Refactor OpenSSL fips module MAC verification
Resolves: rhbz#2158412
- Disallow SHAKE in RSA-OAEP decryption in FIPS mode
Resolves: rhbz#2144010
[1:3.0.1-45]
- Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects
Resolves: rhbz#2149010
- Fix explicit indicator for PSS salt length in FIPS mode when used with
negative magic values
Resolves: rhbz#2144012
- Update change to default PSS salt length with patch state from upstream
Related: rhbz#2144012
[1:3.0.1-44]
- SHAKE-128/256 are not allowed with RSA in FIPS mode
Resolves: rhbz#2144010
- Avoid memory leaks in TLS
Resolves: rhbz#2144008
- FIPS RSA CRT tests must use correct parameters
Resolves: rhbz#2144006
- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
Resolves: rhbz#2144017
- Remove support for X9.31 signature padding in FIPS mode
Resolves: rhbz#2144015
- Add explicit indicator for SP 800-108 KDFs with short key lengths
Resolves: rhbz#2144019
- Add explicit indicator for HMAC with short key lengths
Resolves: rhbz#2144000
- Set minimum password length for PBKDF2 in FIPS mode
Resolves: rhbz#2144003
- Add explicit indicator for PSS salt length in FIPS mode
Resolves: rhbz#2144012
- Clamp default PSS salt length to digest size for FIPS 186-4 compliance
Related: rhbz#2144012
- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
Resolves: rhbz#2145170
Related CVEs
| CVE-2023-0401 |
| CVE-2022-4450 |
| CVE-2023-0216 |
| CVE-2023-0217 |
| CVE-2023-0286 |
| CVE-2022-4304 |
| CVE-2022-4203 |
| CVE-2023-0215 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 9 (aarch64) | openssl-3.0.1-47.0.1.el9_1.src.rpm | 3a987a9de294e7d1738cd88ecae7cee1 | - |
| openssl-3.0.1-47.0.1.el9_1.aarch64.rpm | aac6f5abcafcac7951557feb36088531 | - | |
| openssl-devel-3.0.1-47.0.1.el9_1.aarch64.rpm | b3aff5b3baa74fa2448e3fd27bbae329 | - | |
| openssl-libs-3.0.1-47.0.1.el9_1.aarch64.rpm | b7438908b467b8d95a5a8d7787addbf8 | - | |
| openssl-perl-3.0.1-47.0.1.el9_1.aarch64.rpm | 006ed84554f62e02dc855ae42640819a | - | |
| Oracle Linux 9 (x86_64) | openssl-3.0.1-47.0.1.el9_1.src.rpm | 3a987a9de294e7d1738cd88ecae7cee1 | - |
| openssl-3.0.1-47.0.1.el9_1.x86_64.rpm | e224cac422d147bd2a3ccaa28acf76d0 | - | |
| openssl-devel-3.0.1-47.0.1.el9_1.i686.rpm | f8dba78a16c2590c8686aa38782a9d11 | - | |
| openssl-devel-3.0.1-47.0.1.el9_1.x86_64.rpm | 411be4971c654a67cfc0fabb1b24a4bd | - | |
| openssl-libs-3.0.1-47.0.1.el9_1.i686.rpm | 5565bac51f7fc65b30b119cf5052fa2e | - | |
| openssl-libs-3.0.1-47.0.1.el9_1.x86_64.rpm | 111b34ae53961a859cb716e0f93229f6 | - | |
| openssl-perl-3.0.1-47.0.1.el9_1.x86_64.rpm | 879167506c9e37828ba2e8655be30330 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
