Headline
RHSA-2022:7288: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow
- CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow
Synopsis
Important: openssl security update
Type/Severity
Security Advisory: Important
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full strength general purpose cryptography library.
Security Fix(es):
- OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
- OpenSSL: X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
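One way to check the restart requirement above, as an added example that is not part of the Red Hat advisory: after the update, a process started earlier still maps the old, now unlinked libssl/libcrypto, which `/proc/<pid>/maps` marks as `(deleted)`. The function names and the `--scan` switch are hypothetical; the script assumes a Linux `/proc` and systemd cgroup paths, and it cannot see statically linked copies of OpenSSL.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libssl/libcrypto and therefore still run the unpatched code.
# Function names and the --scan switch are hypothetical.

# Succeeds when the maps-format file given as $1 contains a libssl/libcrypto
# mapping whose backing file was unlinked, which is what a package update
# leaves behind for processes started before it. An unreadable file (another
# user's process, no root) counts as "no finding".
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Prints "<pid> TAB <systemd unit or -> TAB <command name>" for every process
# under the given proc root (default /proc) that still maps a stale copy.
# The unit column tells you what to restart; "-" means the process is not
# running inside a .service cgroup (for example an interactive session).
stale_openssl_pids() (
    proc_root=${1:-/proc}
    for d in "$proc_root"/[0-9]*; do
        [ -f "$d/maps" ] || continue
        maps_has_stale_openssl "$d/maps" || continue
        unit=$(sed -n 's#.*/\([^/]*\.service\)$#\1#p' "$d/cgroup" 2>/dev/null | head -n 1)
        comm=$(cat "$d/comm" 2>/dev/null) || comm='?'
        printf '%s\t%s\t%s\n' "${d##*/}" "${unit:--}" "${comm:-?}"
    done
)

# Live scan only on request (run as root to see every process):
#   sh stale-openssl.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_pids /proc
fi
```

An empty result after restarting the listed units (or rebooting) means no dynamically linked process is still running the old library.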
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
- BZ - 2139104 - CVE-2022-3786 OpenSSL: X.509 Email Address Variable Length Buffer Overflow
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-004
Red Hat Enterprise Linux for x86_64 9
SRPM
openssl-3.0.1-43.el9_0.src.rpm
x86_64
openssl-3.0.1-43.el9_0.x86_64.rpm
openssl-debuginfo-3.0.1-43.el9_0.i686.rpm
openssl-debuginfo-3.0.1-43.el9_0.x86_64.rpm
openssl-debugsource-3.0.1-43.el9_0.i686.rpm
openssl-debugsource-3.0.1-43.el9_0.x86_64.rpm
openssl-devel-3.0.1-43.el9_0.i686.rpm
openssl-devel-3.0.1-43.el9_0.x86_64.rpm
openssl-libs-3.0.1-43.el9_0.i686.rpm
openssl-libs-3.0.1-43.el9_0.x86_64.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.i686.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.x86_64.rpm
openssl-perl-3.0.1-43.el9_0.x86_64.rpm
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
x86_64
openssl-3.0.1-43.el9_0.x86_64.rpm
openssl-debuginfo-3.0.1-43.el9_0.i686.rpm
openssl-debuginfo-3.0.1-43.el9_0.x86_64.rpm
openssl-debugsource-3.0.1-43.el9_0.i686.rpm
openssl-debugsource-3.0.1-43.el9_0.x86_64.rpm
openssl-devel-3.0.1-43.el9_0.i686.rpm
openssl-devel-3.0.1-43.el9_0.x86_64.rpm
openssl-libs-3.0.1-43.el9_0.i686.rpm
openssl-libs-3.0.1-43.el9_0.x86_64.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.i686.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.x86_64.rpm
openssl-perl-3.0.1-43.el9_0.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
openssl-3.0.1-43.el9_0.src.rpm
s390x
openssl-3.0.1-43.el9_0.s390x.rpm
openssl-debuginfo-3.0.1-43.el9_0.s390x.rpm
openssl-debugsource-3.0.1-43.el9_0.s390x.rpm
openssl-devel-3.0.1-43.el9_0.s390x.rpm
openssl-libs-3.0.1-43.el9_0.s390x.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.s390x.rpm
openssl-perl-3.0.1-43.el9_0.s390x.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
s390x
openssl-3.0.1-43.el9_0.s390x.rpm
openssl-debuginfo-3.0.1-43.el9_0.s390x.rpm
openssl-debugsource-3.0.1-43.el9_0.s390x.rpm
openssl-devel-3.0.1-43.el9_0.s390x.rpm
openssl-libs-3.0.1-43.el9_0.s390x.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.s390x.rpm
openssl-perl-3.0.1-43.el9_0.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
openssl-3.0.1-43.el9_0.src.rpm
ppc64le
openssl-3.0.1-43.el9_0.ppc64le.rpm
openssl-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
openssl-debugsource-3.0.1-43.el9_0.ppc64le.rpm
openssl-devel-3.0.1-43.el9_0.ppc64le.rpm
openssl-libs-3.0.1-43.el9_0.ppc64le.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
openssl-perl-3.0.1-43.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
ppc64le
openssl-3.0.1-43.el9_0.ppc64le.rpm
openssl-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
openssl-debugsource-3.0.1-43.el9_0.ppc64le.rpm
openssl-devel-3.0.1-43.el9_0.ppc64le.rpm
openssl-libs-3.0.1-43.el9_0.ppc64le.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
openssl-perl-3.0.1-43.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
openssl-3.0.1-43.el9_0.src.rpm
aarch64
openssl-3.0.1-43.el9_0.aarch64.rpm
openssl-debuginfo-3.0.1-43.el9_0.aarch64.rpm
openssl-debugsource-3.0.1-43.el9_0.aarch64.rpm
openssl-devel-3.0.1-43.el9_0.aarch64.rpm
openssl-libs-3.0.1-43.el9_0.aarch64.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.aarch64.rpm
openssl-perl-3.0.1-43.el9_0.aarch64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
aarch64
openssl-3.0.1-43.el9_0.aarch64.rpm
openssl-debuginfo-3.0.1-43.el9_0.aarch64.rpm
openssl-debugsource-3.0.1-43.el9_0.aarch64.rpm
openssl-devel-3.0.1-43.el9_0.aarch64.rpm
openssl-libs-3.0.1-43.el9_0.aarch64.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.aarch64.rpm
openssl-perl-3.0.1-43.el9_0.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
ppc64le
openssl-3.0.1-43.el9_0.ppc64le.rpm
openssl-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
openssl-debugsource-3.0.1-43.el9_0.ppc64le.rpm
openssl-devel-3.0.1-43.el9_0.ppc64le.rpm
openssl-libs-3.0.1-43.el9_0.ppc64le.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
openssl-perl-3.0.1-43.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
x86_64
openssl-3.0.1-43.el9_0.x86_64.rpm
openssl-debuginfo-3.0.1-43.el9_0.i686.rpm
openssl-debuginfo-3.0.1-43.el9_0.x86_64.rpm
openssl-debugsource-3.0.1-43.el9_0.i686.rpm
openssl-debugsource-3.0.1-43.el9_0.x86_64.rpm
openssl-devel-3.0.1-43.el9_0.i686.rpm
openssl-devel-3.0.1-43.el9_0.x86_64.rpm
openssl-libs-3.0.1-43.el9_0.i686.rpm
openssl-libs-3.0.1-43.el9_0.x86_64.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.i686.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.x86_64.rpm
openssl-perl-3.0.1-43.el9_0.x86_64.rpm
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
aarch64
openssl-3.0.1-43.el9_0.aarch64.rpm
openssl-debuginfo-3.0.1-43.el9_0.aarch64.rpm
openssl-debugsource-3.0.1-43.el9_0.aarch64.rpm
openssl-devel-3.0.1-43.el9_0.aarch64.rpm
openssl-libs-3.0.1-43.el9_0.aarch64.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.aarch64.rpm
openssl-perl-3.0.1-43.el9_0.aarch64.rpm
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
openssl-3.0.1-43.el9_0.src.rpm
s390x
openssl-3.0.1-43.el9_0.s390x.rpm
openssl-debuginfo-3.0.1-43.el9_0.s390x.rpm
openssl-debugsource-3.0.1-43.el9_0.s390x.rpm
openssl-devel-3.0.1-43.el9_0.s390x.rpm
openssl-libs-3.0.1-43.el9_0.s390x.rpm
openssl-libs-debuginfo-3.0.1-43.el9_0.s390x.rpm
openssl-perl-3.0.1-43.el9_0.s390x.rpm
Related news
Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.
Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]
Welcome to this week’s edition of the Threat Source newsletter. I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase
An update for openssl-container is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow
Gentoo Linux Security Advisory 202211-1 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. Versions less than 3.0.7:0/3 are affected.
Red Hat Security Advisory 2022-7288-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Issues addressed include a buffer overflow vulnerability.
By Deeba Ahmed. The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. This is a post from HackRead.com. Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulting in a crash or
Punycode-related flaw fails the logo test
Ubuntu Security Notice 5710-1 - It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new function. This issue could cause certain applications that mishandled values to the function to possibly end up with a NULL cipher and messages in plaintext.
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to up...
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.