ELSA-2024-12093

ELSA-2024-12093 - openssl security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-01-25

Description

[1:3.0.7-25.0.1]
- Replace upstream references [Orabug: 34340177]

[1:3.0.7-25]
- Provide relevant diagnostics when FIPS checksum is corrupted
Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode.
Resolves: RHEL-5295
- Provide empty evp_properties section in main OpenSSL configuration file
Resolves: RHEL-11439
- Avoid implicit function declaration when building openssl
Resolves: RHEL-1780
- Forbid explicit curves when created via EVP_PKEY_fromdata
Resolves: RHEL-5304
- AES-SIV cipher implementation contains a bug that causes it to ignore empty
associated data entries (CVE-2023-2975)
Resolves: RHEL-5302
- Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Resolves: RHEL-5306
- Excessive time spent checking DH q parameter value (CVE-2023-3817)
Resolves: RHEL-5308
- Fix incorrect cipher key and IV length processing (CVE-2023-5363)
Resolves: RHEL-13251
- Switch explicit FIPS indicator for RSA-OAEP to approved following
clarification with CMVP
Resolves: RHEL-14083
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
Resolves: RHEL-14083
- Add missing ECDH Public Key Check in FIPS mode
Resolves: RHEL-15990
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
Resolves: RHEL-15954

Related CVEs

CVE-2023-5363

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	openssl-3.0.7-25.0.1.ksplice1.el9_3.src.rpm	e370e523b3c3d1f6716b2026587d13ed11a7c36fe18a3077ddcd4b2615139b1e	-	ol9_aarch64_userspace_ksplice
	openssl-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm	16df7483ac6c14c7738f47e77e56b3a574b14a167126a2b597bf381b5bbf1a7e	-	ol9_aarch64_userspace_ksplice
	openssl-devel-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm	3766ff7283900c6c24625c14b5eb7622c56f518c1e828731db00c7b18a0c9b1c	-	ol9_aarch64_userspace_ksplice
	openssl-libs-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm	410be6bb0883c8fb84b97671b8558798572a1a7ee27a325f03b837626301f6b0	-	ol9_aarch64_userspace_ksplice
	openssl-perl-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm	d308b6e43be0973971fa861b8285d93517d8660f227ad5a0535b1123f733f947	-	ol9_aarch64_userspace_ksplice
Oracle Linux 9 (x86_64)	openssl-3.0.7-25.0.1.ksplice1.el9_3.src.rpm	e370e523b3c3d1f6716b2026587d13ed11a7c36fe18a3077ddcd4b2615139b1e	-	ol9_x86_64_userspace_ksplice
	openssl-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm	71157ed868c44814473af74bc3aa21e4ae0087095d0fd78e40be243e109522b9	-	ol9_x86_64_userspace_ksplice
	openssl-devel-3.0.7-25.0.1.ksplice1.el9_3.i686.rpm	0315c661a267be8855b4847653b651d4f664a060923615d47834e074c607a3b7	-	ol9_x86_64_userspace_ksplice
	openssl-devel-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm	d7ed79e16af55812c9abfcfaf2792760b9a859f6025fb294e1a2ffac6d057539	-	ol9_x86_64_userspace_ksplice
	openssl-libs-3.0.7-25.0.1.ksplice1.el9_3.i686.rpm	078c9abb02b243c35fd283a83a51ecc1b01b6d5291f8129059cec0b9fffea423	-	ol9_x86_64_userspace_ksplice
	openssl-libs-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm	200e10208a4ed92f04e492ec45acb481bc47a0d5510a047f9effc25301913e4f	-	ol9_x86_64_userspace_ksplice
	openssl-perl-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm	36b08b0895a0fa191a172446cf73554c1508804f8a70608f6b8cab6250a228aa	-	ol9_x86_64_userspace_ksplice

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team