ELBA-2024-12365

ELBA-2024-12365 - openssl bug fix update

Type: BUG
Severity: NA
Release Date: 2024-05-08

Description


[1:3.0.7-27.0.3_fips]
- Replace upstream references in fips man pages [Orabug: 35824276]
- Add FIPS package change: add fips suffix to Release and
set Epoch to 10 [Orabug: 35824276]
- Update FIPS module name and remove upstream references from
fips_module_indicators manpage [Orabug: 35824276]

[1:3.0.7-27.0.3]
- Enable openssl-fips-provider dependency [Orabug: 36504822]

[1:3.0.7-27.0.2]
- Temporarily disable openssl-fips-provider dependency [Orabug: 36504822]

[1:3.0.7-27.0.1]
- Replace upstream references [Orabug: 34340177]

[1:3.0.7-27]
- Use certified FIPS module instead of freshly built one in Red Hat distribution
Related: RHEL-23474

[1:3.0.7-26]
- Avoid implicit function declaration when building openssl
Related: RHEL-1780
- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
Resolves: RHEL-17104
- Add a directory for OpenSSL providers configuration
Resolves: RHEL-17193
- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
Resolves: RHEL-19515
- POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
Resolves: RHEL-21151
- Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
Resolves: RHEL-21654
- SSL ECDHE Kex fails when pkcs11 engine is set in config file
Resolves: RHEL-20249
- Denial of service via null dereference in PKCS#12
Resolves: RHEL-22486
- Use certified FIPS module instead of freshly built one in Red Hat distribution
Resolves: RHEL-23474




Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | openssl-3.0.7-27.0.3.el9_fips.src.rpm | 7b6f9107b1eada0bef77aa80ec64ec41 | - | ol9_aarch64_u3_security_validation |
| | openssl-3.0.7-27.0.3.el9_fips.aarch64.rpm | c747d435f696810616d1144c9ce33417 | - | ol9_aarch64_u3_security_validation |
| | openssl-devel-3.0.7-27.0.3.el9_fips.aarch64.rpm | f56ce3945bbed105d24aa9109016e54d | - | ol9_aarch64_u3_security_validation |
| | openssl-libs-3.0.7-27.0.3.el9_fips.aarch64.rpm | 1245cb7e35a09f9c65ee018f3090242f | - | ol9_aarch64_u3_security_validation |
| | openssl-perl-3.0.7-27.0.3.el9_fips.aarch64.rpm | 3c124da317acbb78d19672e4c302f0d4 | - | ol9_aarch64_u3_security_validation |
| Oracle Linux 9 (x86_64) | openssl-3.0.7-27.0.3.el9_fips.src.rpm | 7b6f9107b1eada0bef77aa80ec64ec41 | - | ol9_x86_64_u3_security_validation |
| | openssl-3.0.7-27.0.3.el9_fips.x86_64.rpm | ee2cb4a9f50080803d2a75c6458aea81 | - | ol9_x86_64_u3_security_validation |
| | openssl-devel-3.0.7-27.0.3.el9_fips.i686.rpm | c4663d5a2727cec883809889f512f241 | - | ol9_x86_64_u3_security_validation |
| | openssl-devel-3.0.7-27.0.3.el9_fips.x86_64.rpm | e3f0ae52c35042d7af7ccd8ca9d6b105 | - | ol9_x86_64_u3_security_validation |
| | openssl-libs-3.0.7-27.0.3.el9_fips.i686.rpm | e706b0bc50f4fc9b6cde2890175a5ee1 | - | ol9_x86_64_u3_security_validation |
| | openssl-libs-3.0.7-27.0.3.el9_fips.x86_64.rpm | 5fb79091c7a8069c7a685069927564a6 | - | ol9_x86_64_u3_security_validation |
| | openssl-perl-3.0.7-27.0.3.el9_fips.x86_64.rpm | 833600f5c0e4794593e4270e7d78e0f0 | - | ol9_x86_64_u3_security_validation |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
