ELSA-2024-12093

ELSA-2024-12093 - openssl security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2024-01-25

Description


[1:3.0.7-25.0.1]
- Replace upstream references [Orabug: 34340177]

[1:3.0.7-25]
- Provide relevant diagnostics when FIPS checksum is corrupted
Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode.
Resolves: RHEL-5295
- Provide empty evp_properties section in main OpenSSL configuration file
Resolves: RHEL-11439
- Avoid implicit function declaration when building openssl
Resolves: RHEL-1780
- Forbid explicit curves when created via EVP_PKEY_fromdata
Resolves: RHEL-5304
- AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975)
Resolves: RHEL-5302
- Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Resolves: RHEL-5306
- Excessive time spent checking DH q parameter value (CVE-2023-3817)
Resolves: RHEL-5308
- Fix incorrect cipher key and IV length processing (CVE-2023-5363)
Resolves: RHEL-13251
- Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP
Resolves: RHEL-14083
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c)
Resolves: RHEL-14083
- Add missing ECDH Public Key Check in FIPS mode
Resolves: RHEL-15990
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
Resolves: RHEL-15954


Related CVEs


CVE-2023-5363

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | openssl-3.0.7-25.0.1.ksplice1.el9_3.src.rpm | e370e523b3c3d1f6716b2026587d13ed11a7c36fe18a3077ddcd4b2615139b1e | - | ol9_aarch64_userspace_ksplice |
| | openssl-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm | 16df7483ac6c14c7738f47e77e56b3a574b14a167126a2b597bf381b5bbf1a7e | - | ol9_aarch64_userspace_ksplice |
| | openssl-devel-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm | 3766ff7283900c6c24625c14b5eb7622c56f518c1e828731db00c7b18a0c9b1c | - | ol9_aarch64_userspace_ksplice |
| | openssl-libs-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm | 410be6bb0883c8fb84b97671b8558798572a1a7ee27a325f03b837626301f6b0 | - | ol9_aarch64_userspace_ksplice |
| | openssl-perl-3.0.7-25.0.1.ksplice1.el9_3.aarch64.rpm | d308b6e43be0973971fa861b8285d93517d8660f227ad5a0535b1123f733f947 | - | ol9_aarch64_userspace_ksplice |
| Oracle Linux 9 (x86_64) | openssl-3.0.7-25.0.1.ksplice1.el9_3.src.rpm | e370e523b3c3d1f6716b2026587d13ed11a7c36fe18a3077ddcd4b2615139b1e | - | ol9_x86_64_userspace_ksplice |
| | openssl-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm | 71157ed868c44814473af74bc3aa21e4ae0087095d0fd78e40be243e109522b9 | - | ol9_x86_64_userspace_ksplice |
| | openssl-devel-3.0.7-25.0.1.ksplice1.el9_3.i686.rpm | 0315c661a267be8855b4847653b651d4f664a060923615d47834e074c607a3b7 | - | ol9_x86_64_userspace_ksplice |
| | openssl-devel-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm | d7ed79e16af55812c9abfcfaf2792760b9a859f6025fb294e1a2ffac6d057539 | - | ol9_x86_64_userspace_ksplice |
| | openssl-libs-3.0.7-25.0.1.ksplice1.el9_3.i686.rpm | 078c9abb02b243c35fd283a83a51ecc1b01b6d5291f8129059cec0b9fffea423 | - | ol9_x86_64_userspace_ksplice |
| | openssl-libs-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm | 200e10208a4ed92f04e492ec45acb481bc47a0d5510a047f9effc25301913e4f | - | ol9_x86_64_userspace_ksplice |
| | openssl-perl-3.0.7-25.0.1.ksplice1.el9_3.x86_64.rpm | 36b08b0895a0fa191a172446cf73554c1508804f8a70608f6b8cab6250a228aa | - | ol9_x86_64_userspace_ksplice |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
