First published: Tue Aug 30 2022
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

- openssl: c_rehash script allows command injection (CVE-2022-1292)
- openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)
- openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)
- openssl: the c_rehash script allows command injection (CVE-2022-2068)
- openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

- openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)
- openssl req defaults to 3DES (BZ#2085499)
- OpenSSL accepts custom elliptic curve parameters when p is large [rhel-9] (BZ#2085508)
- OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)
- openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)
- Converting FIPS power-on self test to KAT (BZ#2086866)
- Small RSA keys work for some operations in FIPS mode (BZ#2091938)
- FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)
- OpenSSL testsuite certificates expired (BZ#2095696)
- [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)
- [FIPS lab review] self-test (BZ#2112978)
- [FIPS lab review] DH tuning (BZ#2115856)
- [FIPS lab review] EC tuning (BZ#2115857)
- [FIPS lab review] RSA tuning (BZ#2115858)
- [FIPS lab review] RAND tuning (BZ#2115859)
- [FIPS lab review] zeroization (BZ#2115861)
- [FIPS lab review] HKDF limitations (BZ#2118388)

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openssl | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl-debuginfo | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl-debugsource | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl-devel | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl-libs | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl-libs-debuginfo | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl-perl | <3.0.1-41.el9_0 | 3.0.1-41.el9_0 |
redhat/openssl | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |
redhat/openssl-debuginfo | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |
redhat/openssl-debugsource | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |
redhat/openssl-devel | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |
redhat/openssl-libs | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |
redhat/openssl-libs-debuginfo | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |
redhat/openssl-perl | <3.0.1-41.el9_0.aa | 3.0.1-41.el9_0.aa |