ELSA-2023-12213

ELSA-2023-12213 - openssl security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-03-28

Description

[1:1.1.1k-9]
- Fixed Timing Oracle in RSA Decryption
Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
Resolves: CVE-2023-0215
- Fixed X.400 address type confusion in X.509 GeneralName
Resolves: CVE-2023-0286

[1:1.1.1k-8]
- Fix no-ec build
Resolves: rhbz#2071020

Related CVEs

CVE-2023-0286

CVE-2023-0215

CVE-2022-4304

CVE-2022-4450

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 8 (aarch64)	openssl-1.1.1k-9.ksplice1.el8_7.src.rpm	053d64f9e979ccc8925e578817710072	-
	openssl-1.1.1k-9.ksplice1.el8_7.aarch64.rpm	4af2145835cb119da2750cd1705000a6	-
	openssl-debugsource-1.1.1k-9.ksplice1.el8_7.aarch64.rpm	fed82386f31e2f88a3a235a17c744c19	-
	openssl-devel-1.1.1k-9.ksplice1.el8_7.aarch64.rpm	852e31f6b9177c19ca8dd2ce8e125f8a	-
	openssl-libs-1.1.1k-9.ksplice1.el8_7.aarch64.rpm	a0f28a92fe41570ac5c45adc242ccb43	-
	openssl-perl-1.1.1k-9.ksplice1.el8_7.aarch64.rpm	154b824e4e058a4fc186093ad6c66e85	-
	openssl-static-1.1.1k-9.ksplice1.el8_7.aarch64.rpm	e343af40bd12346dc09f48ea753b7cf1	-
Oracle Linux 8 (x86_64)	openssl-1.1.1k-9.ksplice1.el8_7.src.rpm	2c28aa7335ba33449970053252c5453b	-
	openssl-1.1.1k-9.ksplice1.el8_7.x86_64.rpm	f2ebcd277c29156ddbcbf1fe881dc3a3	-
	openssl-devel-1.1.1k-9.ksplice1.el8_7.i686.rpm	ccd4a729c4ab25220830a235ee770d34	-
	openssl-devel-1.1.1k-9.ksplice1.el8_7.x86_64.rpm	0e3d1153505c1cdfbfd4cd3b0b2cf153	-
	openssl-libs-1.1.1k-9.ksplice1.el8_7.i686.rpm	731128d83aae98c2946f80e905eb9ba3	-
	openssl-libs-1.1.1k-9.ksplice1.el8_7.x86_64.rpm	77def791fb34e5eb2acc41ce85a0aa3e	-
	openssl-perl-1.1.1k-9.ksplice1.el8_7.x86_64.rpm	72aca1c8647f78346c76251530ecda50	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team