ELSA-2025-28020

ELSA-2025-28020 - openssl security update

Type: SECURITY
Impact: MODERATE
Release Date: 2025-12-01

Description


[3.5.1-4.0.1]
- Enable openssl-fips-provider dependency [Orabug: 36504822]
- Temporarily disable openssl-fips-provider dependency [Orabug: 36504822]
- Replace upstream references [Orabug: 34340177]

[3.5.1.openela.0.1]
- Add OpenELA specific changes

[1:3.5.1-4]
- Fix CVE-2025-9230
Resolves: RHEL-115929

[1:3.5.1-3]
- Add custom define to disable symbol versioning in downstream patched code
Also add stricter Suggests for openssl-fips-provider
Resolves: RHEL-104236
- Fix Requires/Provider to fix default install of fips providers
Resolves: RHEL-104856

[1:3.5.1-2]
- Move fips.so to a separate subpackage
Reverts FIPS self test for SLH-DSA
Add Suggests to try to prefer the openssl-fips-provider package
over the fips-provider-next package by default
Resolves: RHEL-102408
Related: RHEL-80854

[1:3.5.1-1]
- Rebasing to OpenSSL 3.5.1
Resolves: RHEL-97797
Resolves: RHEL-98723
Resolves: RHEL-99352

[1:3.5.0-4]
- Compact patches for better maintainability
Related: RHEL-80854
- Make hybrid MLKEM work with our FIPS provider (3.0.7)
Resolves: RHEL-95239

[1:3.5.0-3]
- Fix regressions caused by rebase to OpenSSL 3.5
Related: RHEL-80854

[1:3.5.0-2]
- OpenSSL ignores 'rh-allow-sha1-signatures = yes' option on RHEL-9
Resolves: RHEL-88910
- PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
Resolves: RHEL-88912
- Fix openssl speed running in FIPS mode
Resolves: RHEL-89860
- pkeyutl ecdsa signature with sha1 shouldn't work by default
Resolves: RHEL-89861
- Expose settable params for EVP_SKEY
Resolves: RHEL-89862
- Restore RHEL9-style indicators defines
Resolves: RHEL-89859
- Enable sslkeylog support
Resolves: RHEL-90854

[1:3.5.0-1]
- Rebasing OpenSSL to 3.5
Resolves: RHEL-80854
Resolves: RHEL-50208
Resolves: RHEL-50210
Resolves: RHEL-50211
Resolves: RHEL-85954


Related CVEs


CVE-2025-9230

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | openssl-3.5.1-4.0.1.ksplice1.el9_7.src.rpm | eef2a636e0912c246e2f37f214923e05db94a65966b834c4ff22df13e125c154 | - | ol9_aarch64_userspace_ksplice |
| | openssl-3.5.1-4.0.1.ksplice1.el9_7.aarch64.rpm | 698764c05c7d910046bb52bae016559967e4ec26e102b341612ab0105581bd6d | - | ol9_aarch64_userspace_ksplice |
| | openssl-devel-3.5.1-4.0.1.ksplice1.el9_7.aarch64.rpm | e47413b0d27b6767eb023a76a2148b756004d0f0c32786709e482cb89326273b | - | ol9_aarch64_userspace_ksplice |
| | openssl-libs-3.5.1-4.0.1.ksplice1.el9_7.aarch64.rpm | 301328963b5a12c00535e51540c4bc2bbad1f2654d971c9ab71a1302b4a86ec3 | - | ol9_aarch64_userspace_ksplice |
| | openssl-perl-3.5.1-4.0.1.ksplice1.el9_7.aarch64.rpm | 7f78cee9a55fcd124eda79acc7c3483543aa6b8bc914234c37c9a75f6f571f3c | - | ol9_aarch64_userspace_ksplice |
| Oracle Linux 9 (x86_64) | openssl-3.5.1-4.0.1.ksplice1.el9_7.src.rpm | eef2a636e0912c246e2f37f214923e05db94a65966b834c4ff22df13e125c154 | - | ol9_x86_64_userspace_ksplice |
| | openssl-3.5.1-4.0.1.ksplice1.el9_7.x86_64.rpm | edb47131fdd1f070c24c0482759bd595669913e2870910986909ca8079054b01 | - | ol9_x86_64_userspace_ksplice |
| | openssl-devel-3.5.1-4.0.1.ksplice1.el9_7.i686.rpm | c7ebffbd50c871e6a56a578e8532f8175dd8fcd40e3e73ad8f33877643d004f9 | - | ol9_x86_64_userspace_ksplice |
| | openssl-devel-3.5.1-4.0.1.ksplice1.el9_7.x86_64.rpm | 907e4fdf54a01d83c00cbc6b54524700db66a6f9371e42eb2a762f272472dc49 | - | ol9_x86_64_userspace_ksplice |
| | openssl-libs-3.5.1-4.0.1.ksplice1.el9_7.i686.rpm | d2f18f87643e09eaf91959466b21b574b1011c08bfaf8a987e6ef82cee1e67af | - | ol9_x86_64_userspace_ksplice |
| | openssl-libs-3.5.1-4.0.1.ksplice1.el9_7.x86_64.rpm | 3f65e5db310d019009e36e11cba316a68a5dfa7711b557f99d9292daa9998f9b | - | ol9_x86_64_userspace_ksplice |
| | openssl-perl-3.5.1-4.0.1.ksplice1.el9_7.x86_64.rpm | f4a33661eae7aad9c7d07912ea11737f81f79d973656a5a052f7537c155ea755 | - | ol9_x86_64_userspace_ksplice |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.