ELSA-2023-3722
- ULN >
- Oracle Linux Errata repository >
- ELSA-2023-3722
ELSA-2023-3722 - openssl security and bug fix update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2023-06-22 |
Description
[3.0.7-16.0.1]
- Replace upstream references [Orabug: 34340177]
[1:3.0.7-16]
- Fix possible DoS translating ASN.1 object identifiers
Resolves: CVE-2023-2650
- Release the DRBG in global default libctx early
Resolves: rhbz#2211396
[1:3.0.7-15.1]
- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode
Resolves: rhbz#2178030
[1:3.0.7-15]
- Enforce using EMS in FIPS mode - alerts tuning
Related: rhbz#2157951
[1:3.0.7-14]
- Input buffer over-read in AES-XTS implementation on 64 bit ARM
Resolves: rhbz#2188554
[1:3.0.7-13]
- Enforce using EMS in FIPS mode
Resolves: rhbz#2157951
- Fix excessive resource usage in verifying X509 policy constraints
Resolves: rhbz#2186661
- Fix invalid certificate policies in leaf certificates check
Resolves: rhbz#2187429
- Certificate policy check not enabled
Resolves: rhbz#2187431
- OpenSSL rsa_verify_recover key length checks in FIPS mode
Resolves: rhbz#2186819
[1:3.0.7-12]
- Change explicit FIPS indicator for RSA decryption to unapproved
Resolves: rhbz#2179379
[1:3.0.7-11]
- Add missing reference to patchfile to add explicit FIPS indicator to RSA
encryption and RSASVE and fix the gettable parameter list for the RSA
asymmetric cipher implementation.
Resolves: rhbz#2179379
[1:3.0.7-10]
- Add explicit FIPS indicator to RSA encryption and RSASVE
Resolves: rhbz#2179379
[1:3.0.7-9]
- Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes
Resolves: rhbz#2175864
[1:3.0.7-8]
- Fix Wpointer-sign compiler warning
Resolves: rhbz#2178034
[1:3.0.7-7]
- Add explicit FIPS indicators to key derivation functions
Resolves: rhbz#2175860 rhbz#2175864
- Zeroize FIPS module integrity check MAC after check
Resolves: rhbz#2175873
- Add explicit FIPS indicator for IV generation in AES-GCM
Resolves: rhbz#2175868
- Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant
salt in PBKDF2 FIPS self-test
Resolves: rhbz#2178137
- Limit RSA_NO_PADDING for encryption and signature in FIPS mode
Resolves: rhbz#2178029
- Pairwise consistency tests should use Digest+Sign/Verify
Resolves: rhbz#2178034
- Forbid DHX keys import in FIPS mode
Resolves: rhbz#2178030
- DH PCT should abort on failure
Resolves: rhbz#2178039
- Increase RNG seeding buffer size to 32
Related: rhbz#2168224
Related CVEs
| CVE-2023-2650 |
| CVE-2023-0465 |
| CVE-2023-0464 |
| CVE-2023-0466 |
| CVE-2023-1255 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | openssl-3.0.7-16.0.1.el9_2.src.rpm | 69a046b42e69eeb113af49e78ea3c427b2c869df5838a302706c9cf05dc7121a | - | ol9_aarch64_appstream |
| openssl-3.0.7-16.0.1.el9_2.src.rpm | 69a046b42e69eeb113af49e78ea3c427b2c869df5838a302706c9cf05dc7121a | - | ol9_aarch64_baseos_latest | |
| openssl-3.0.7-16.0.1.el9_2.src.rpm | 69a046b42e69eeb113af49e78ea3c427b2c869df5838a302706c9cf05dc7121a | - | ol9_aarch64_u2_baseos_patch | |
| openssl-3.0.7-16.0.1.el9_2.aarch64.rpm | 987c2d41ee950a79f84f01f012476e411f1d0570919f066efed753be20f91542 | - | ol9_aarch64_baseos_latest | |
| openssl-3.0.7-16.0.1.el9_2.aarch64.rpm | 987c2d41ee950a79f84f01f012476e411f1d0570919f066efed753be20f91542 | - | ol9_aarch64_u2_baseos_patch | |
| openssl-devel-3.0.7-16.0.1.el9_2.aarch64.rpm | 2aed00c21a72deb186fe4e156c8adfd9c9ff819c180181b2412aca66d4757dd1 | - | ol9_aarch64_appstream | |
| openssl-libs-3.0.7-16.0.1.el9_2.aarch64.rpm | ba53a6dbd371d049ec34770a6d1f98044a0878ae6f996fb03871c764fa905f9b | - | ol9_aarch64_baseos_latest | |
| openssl-libs-3.0.7-16.0.1.el9_2.aarch64.rpm | ba53a6dbd371d049ec34770a6d1f98044a0878ae6f996fb03871c764fa905f9b | - | ol9_aarch64_u2_baseos_patch | |
| openssl-perl-3.0.7-16.0.1.el9_2.aarch64.rpm | ae1162ff293d251560d31226ca8b307ec01bf1fbef748310813dcc7eee586b7d | - | ol9_aarch64_appstream | |
| Oracle Linux 9 (x86_64) | openssl-3.0.7-16.0.1.el9_2.src.rpm | 69a046b42e69eeb113af49e78ea3c427b2c869df5838a302706c9cf05dc7121a | - | ol9_x86_64_appstream |
| openssl-3.0.7-16.0.1.el9_2.src.rpm | 69a046b42e69eeb113af49e78ea3c427b2c869df5838a302706c9cf05dc7121a | - | ol9_x86_64_baseos_latest | |
| openssl-3.0.7-16.0.1.el9_2.src.rpm | 69a046b42e69eeb113af49e78ea3c427b2c869df5838a302706c9cf05dc7121a | - | ol9_x86_64_u2_baseos_patch | |
| openssl-3.0.7-16.0.1.el9_2.x86_64.rpm | be0fd077265dc6b4fe579f65975ba02318143efd0180d3bfe01c1202a1ea4807 | - | ol9_x86_64_baseos_latest | |
| openssl-3.0.7-16.0.1.el9_2.x86_64.rpm | be0fd077265dc6b4fe579f65975ba02318143efd0180d3bfe01c1202a1ea4807 | - | ol9_x86_64_u2_baseos_patch | |
| openssl-devel-3.0.7-16.0.1.el9_2.i686.rpm | 6c1e36b109896d0606c552759ebde39266bec2b69c2aa0fae1b0bf04bbac040c | - | ol9_x86_64_appstream | |
| openssl-devel-3.0.7-16.0.1.el9_2.x86_64.rpm | 9b2ff12759cca1aebf8204a1a32f7fdc795313fbb64fb2055c5b33293e59e152 | - | ol9_x86_64_appstream | |
| openssl-libs-3.0.7-16.0.1.el9_2.i686.rpm | 411c1743217daefeffd11e827c103e57cde099d6d9b068d550b936261581c104 | - | ol9_x86_64_baseos_latest | |
| openssl-libs-3.0.7-16.0.1.el9_2.i686.rpm | 411c1743217daefeffd11e827c103e57cde099d6d9b068d550b936261581c104 | - | ol9_x86_64_u2_baseos_patch | |
| openssl-libs-3.0.7-16.0.1.el9_2.x86_64.rpm | 379262b01bc0bf13ea682e4bf88f5cbfaf25a79dc580244d562763266fb2e75c | - | ol9_x86_64_baseos_latest | |
| openssl-libs-3.0.7-16.0.1.el9_2.x86_64.rpm | 379262b01bc0bf13ea682e4bf88f5cbfaf25a79dc580244d562763266fb2e75c | - | ol9_x86_64_u2_baseos_patch | |
| openssl-perl-3.0.7-16.0.1.el9_2.x86_64.rpm | 73b813251466191b2bfe12e378f65180bbd2fb193b11f675346fdecf84bd8919 | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
