First published: Tue Oct 12 2021

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

- openssl: integer overflow in CipherUpdate (CVE-2021-23840)
- openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openssl | <1.0.2k-22.el7_9 | 1.0.2k-22.el7_9 |
redhat/openssl-debuginfo | <1.0.2k-22.el7_9 | 1.0.2k-22.el7_9 |
redhat/openssl-devel | <1.0.2k-22.el7_9 | 1.0.2k-22.el7_9 |
redhat/openssl-libs | <1.0.2k-22.el7_9 | 1.0.2k-22.el7_9 |
redhat/openssl-perl | <1.0.2k-22.el7_9 | 1.0.2k-22.el7_9 |
redhat/openssl-static | <1.0.2k-22.el7_9 | 1.0.2k-22.el7_9 |
The severity of RHSA-2021:3798 is classified as critical because of the integer overflow vulnerability, which could lead to exploitation.
RHSA-2021:3798 addresses an integer overflow in CipherUpdate, identified as CVE-2021-23840, and, per the Security Fix(es) list above, a NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841).
The affected software comprises the openssl, openssl-debuginfo, openssl-devel, openssl-libs, openssl-perl, and openssl-static packages.
To fix RHSA-2021:3798, update the OpenSSL packages to version 1.0.2k-22.el7_9 or later; every affected package listed above must be upgraded, not only openssl itself.
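As an added example (not part of the Red Hat advisory or of this page), the following Python script checks whether the installed openssl packages on a RHEL 7 host are still older than the fixed version 1.0.2k-22.el7_9 from the table above. A plain string comparison is not safe for RPM versions (for example `1.0.2k-21.el7_9` versus `1.0.2k-22.el7_9`, or a package with a higher epoch), so the script implements rpm's segment-wise version comparison (rpmvercmp) and compares epoch, version and release in that order. The `rpm -q --qf` query format and the constructed sample output are assumptions; the package names and fixed version come from the advisory table.

```python
"""Compare installed openssl package versions against the RHSA-2021:3798 fix."""
import re
import subprocess

FIXED_EVR = "1.0.2k-22.el7_9"  # fixed version from the advisory table
AFFECTED = ["openssl", "openssl-libs", "openssl-devel", "openssl-perl",
            "openssl-static", "openssl-debuginfo"]

# Constructed sample of `rpm -q` output (not real host data): two packages
# one release behind the fix, one already fixed, one not installed.
SAMPLE_RPM_OUTPUT = """\
openssl 1.0.2k-21.el7_9
openssl-libs 1.0.2k-21.el7_9
openssl-devel 1.0.2k-22.el7_9
package openssl-static is not installed
"""


def rpmvercmp(a: str, b: str) -> int:
    """rpm's segment-wise version comparison: -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators are skipped; only alphanumerics, '~' and '^' take part.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta = a[i] if i < len(a) else ""
        tb = b[j] if j < len(b) else ""
        if ta == "~" or tb == "~":      # '~' sorts before anything, even end of string
            if ta != "~":
                return 1
            if tb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ta == "^" or tb == "^":      # '^' sorts after end of string, before all else
            if not ta:
                return -1
            if not tb:
                return 1
            if ta != "^":
                return 1
            if tb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ta or not tb:
            break
        isnum = ta.isdigit()
        pattern = r"\d+" if isnum else r"[A-Za-z]+"
        sa = re.match(pattern, a[i:]).group()
        mb = re.match(pattern, b[j:])
        if mb is None:                  # segment types differ: numeric segment is newer
            return 1 if isnum else -1
        sb = mb.group()
        i, j = i + len(sa), j + len(sb)
        if isnum:                       # numeric: drop leading zeros, longer is larger
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # whichever side has characters left is newer


def parse_evr(evr: str):
    """Split '[epoch:]version-release' into its parts; epoch defaults to 0."""
    epoch = "0"
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
    version, release = evr.rsplit("-", 1) if "-" in evr else (evr, "")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings the way rpm does: epoch, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def vulnerable_packages(rpm_output: str, fixed: str = FIXED_EVR):
    """Return [(name, installed_evr)] for every 'NAME EVR' line older than `fixed`."""
    found = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) != 2:            # skips 'package X is not installed' lines
            continue
        name, evr = fields
        if evr_cmp(evr, fixed) < 0:
            found.append((name, evr))
    return found


def query_rpm(names=AFFECTED) -> str:
    """Ask rpm for 'NAME [EPOCH:]VERSION-RELEASE' per package (assumed query format)."""
    fmt = "%{NAME} %|EPOCH?{%{EPOCH}:}:{}|%{VERSION}-%{RELEASE}\n"
    return subprocess.run(["rpm", "-q", "--qf", fmt, *names],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    for name, evr in vulnerable_packages(query_rpm()):
        print(f"{name} {evr} is older than {FIXED_EVR}: update required")
```

Run it on the host as-is to list packages still below the fixed release; `vulnerable_packages(SAMPLE_RPM_OUTPUT)` exercises the same logic offline on the constructed sample. Packages that are not installed are not reported, which matches the advisory's scope (only installed affected packages need the update).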