What is the severity of RHSA-2022:1065?

The severity of RHSA-2022:1065 is classified as important.

How do I fix RHSA-2022:1065?

To fix RHSA-2022:1065, update the OpenSSL package to version 1.1.1k-6.el8_5.

What is the vulnerability in RHSA-2022:1065?

The vulnerability in RHSA-2022:1065 is an infinite loop in the BN_mod_sqrt() function which can be triggered during certificate parsing.

Which packages are affected by RHSA-2022:1065?

The affected packages include openssl, openssl-libs, and their associated debuginfo and development packages.

Is there a workaround for RHSA-2022:1065?

There is no official workaround for RHSA-2022:1065, applying the update is recommended.

Vulnerability/
RHSA-2022:1065

28/3/2022

RHSA-2022:1065: Important: openssl security update

First published: Mon Mar 28 2022(Updated: )

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.<br>Security Fix(es):<br><li> openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/openssl	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-debuginfo	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-debuginfo	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-debugsource	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-debugsource	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-devel	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-devel	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-libs	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-libs	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-libs-debuginfo	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-libs-debuginfo	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-perl	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-perl	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-debuginfo	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-debugsource	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-devel	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-libs	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-libs-debuginfo	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl-perl	<1.1.1k-6.el8_5	1.1.1k-6.el8_5
redhat/openssl	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa
redhat/openssl-debuginfo	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa
redhat/openssl-debugsource	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa
redhat/openssl-devel	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa
redhat/openssl-libs	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa
redhat/openssl-libs-debuginfo	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa
redhat/openssl-perl	<1.1.1k-6.el8_5.aa	1.1.1k-6.el8_5.aa

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2022:1065?
The severity of RHSA-2022:1065 is classified as important.
How do I fix RHSA-2022:1065?
To fix RHSA-2022:1065, update the OpenSSL package to version 1.1.1k-6.el8_5.
What is the vulnerability in RHSA-2022:1065?
The vulnerability in RHSA-2022:1065 is an infinite loop in the BN_mod_sqrt() function which can be triggered during certificate parsing.
Which packages are affected by RHSA-2022:1065?
The affected packages include openssl, openssl-libs, and their associated debuginfo and development packages.
Is there a workaround for RHSA-2022:1065?
There is no official workaround for RHSA-2022:1065, applying the update is recommended.

agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/references
agent/remedy
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2022:1065
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat