RHSA-2022:7288: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow
  • CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow

Synopsis

Important: openssl security update

Type/Severity

Security Advisory: Important

Topic

An update for openssl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
  • OpenSSL: X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
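As an added example (not from the advisory or from Red Hat), the following POSIX shell script performs the two checks an operator wants after applying this update: it compares an installed openssl-libs build against the fixed NVR listed in this advisory, and it flags processes that still map a pre-update copy of libssl/libcrypto and therefore need the restart the Solution section calls for. Function names and the sample /proc maps lines are constructed, and the version comparison is a simplified segment ordering, not a full rpm EVR comparison.

```shell
#!/bin/sh
# Added example for RHSA-2022:7288 (not part of the Red Hat advisory).
# 1. Is the installed openssl-libs at or above the fixed build?
# 2. Which processes still map a replaced libssl/libcrypto and need a restart?
# Helper names are hypothetical; the fixed NVR comes from the advisory's package list.

FIXED_NVR="openssl-libs-3.0.1-43.el9_0"

# is_num TOKEN: true when TOKEN is all digits.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# vercmp A B: prints 1 if A sorts after B, -1 if before, 0 if equal.
# Splits on '.', '-' and '_'; numeric segments compare numerically, others as
# strings. Sufficient for the el9_0 builds here; not full rpm EVR ordering
# (assumption, e.g. epochs and tilde/caret releases are not handled).
vercmp() {
    sa=$(printf '%s' "$1" | tr '._-' '   ')
    sb=$(printf '%s' "$2" | tr '._-' '   ')
    while [ -n "$sa" ] || [ -n "$sb" ]; do
        ta=${sa%% *}; tb=${sb%% *}
        case $sa in *' '*) sa=${sa#* } ;; *) sa='' ;; esac
        case $sb in *' '*) sb=${sb#* } ;; *) sb='' ;; esac
        # a missing segment sorts before any present one
        if [ -z "$ta" ] && [ -n "$tb" ]; then printf '%s\n' -1; return; fi
        if [ -n "$ta" ] && [ -z "$tb" ]; then printf '%s\n' 1; return; fi
        if is_num "$ta" && is_num "$tb"; then
            [ "$ta" -gt "$tb" ] && { printf '%s\n' 1; return; }
            [ "$ta" -lt "$tb" ] && { printf '%s\n' -1; return; }
        else
            [ "$ta" \> "$tb" ] && { printf '%s\n' 1; return; }
            [ "$ta" \< "$tb" ] && { printf '%s\n' -1; return; }
        fi
    done
    printf '%s\n' 0
}

# check_installed NVR: "fixed" when NVR is at or above FIXED_NVR, else "vulnerable".
check_installed() {
    if [ "$(vercmp "$1" "$FIXED_NVR")" -ge 0 ]; then echo fixed; else echo vulnerable; fi
}

# needs_restart: reads /proc/<pid>/maps text on stdin; true when the process
# still maps a libssl/libcrypto file that has since been replaced on disk.
# The kernel marks such mappings with a trailing "(deleted)".
needs_restart() {
    grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)$'
}

# list_stale_processes: scans every process on a live Linux host and prints
# "PID COMM" for each one that needs_restart flags.
list_stale_processes() {
    for m in /proc/[0-9]*/maps; do
        [ -r "$m" ] || continue
        pid=${m#/proc/}; pid=${pid%/maps}
        if needs_restart < "$m" 2>/dev/null; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Constructed /proc/<pid>/maps excerpts (not captured from a real host).
SAMPLE_STALE='7f1c2a3b4000-7f1c2a5b4000 r-xp 00000000 fd:00 1234567 /usr/lib64/libcrypto.so.3.0.1 (deleted)
7f1c2a5b4000-7f1c2a5c0000 r-xp 00000000 fd:00 1234568 /usr/lib64/libssl.so.3.0.1 (deleted)'
SAMPLE_FRESH='7f1c2a3b4000-7f1c2a5b4000 r-xp 00000000 fd:00 1234570 /usr/lib64/libcrypto.so.3.0.1
7f1c2a5b4000-7f1c2a5c0000 r-xp 00000000 fd:00 1234571 /usr/lib64/libssl.so.3.0.1'

# sample_verdict stale|fresh: "restart" or "ok" for the constructed samples.
sample_verdict() {
    case $1 in stale) text=$SAMPLE_STALE ;; *) text=$SAMPLE_FRESH ;; esac
    if printf '%s\n' "$text" | needs_restart; then echo restart; else echo ok; fi
}

# Stand-alone run: exercise the constructed samples, then the live host when rpm exists.
echo "sample build -41: $(check_installed openssl-libs-3.0.1-41.el9_0)"
echo "sample build -43: $(check_installed openssl-libs-3.0.1-43.el9_0)"
echo "stale maps sample: $(sample_verdict stale)"
if command -v rpm >/dev/null 2>&1 && rpm -q openssl-libs >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' openssl-libs | head -n 1)
    echo "installed $installed: $(check_installed "$installed")"
    list_stale_processes
fi
```

On a RHEL 9 host, an empty list from list_stale_processes after the update means every process has picked up the new library; any listed process still runs the old code until restarted.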

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
  • BZ - 2139104 - CVE-2022-3786 OpenSSL: X.509 Email Address Variable Length Buffer Overflow

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/RHSB-2022-004

Updated packages

The SRPM for every listed product is openssl-3.0.1-43.el9_0.src.rpm. The binary packages are the same set for each product of a given architecture; the SHA-256 checksum of each file is given on the original advisory page.

x86_64 (Red Hat Enterprise Linux for x86_64 9; Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0)

  • openssl-3.0.1-43.el9_0.x86_64.rpm
  • openssl-debuginfo-3.0.1-43.el9_0.i686.rpm
  • openssl-debuginfo-3.0.1-43.el9_0.x86_64.rpm
  • openssl-debugsource-3.0.1-43.el9_0.i686.rpm
  • openssl-debugsource-3.0.1-43.el9_0.x86_64.rpm
  • openssl-devel-3.0.1-43.el9_0.i686.rpm
  • openssl-devel-3.0.1-43.el9_0.x86_64.rpm
  • openssl-libs-3.0.1-43.el9_0.i686.rpm
  • openssl-libs-3.0.1-43.el9_0.x86_64.rpm
  • openssl-libs-debuginfo-3.0.1-43.el9_0.i686.rpm
  • openssl-libs-debuginfo-3.0.1-43.el9_0.x86_64.rpm
  • openssl-perl-3.0.1-43.el9_0.x86_64.rpm

s390x (Red Hat Enterprise Linux for IBM z Systems 9; Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0; Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0)

  • openssl-3.0.1-43.el9_0.s390x.rpm
  • openssl-debuginfo-3.0.1-43.el9_0.s390x.rpm
  • openssl-debugsource-3.0.1-43.el9_0.s390x.rpm
  • openssl-devel-3.0.1-43.el9_0.s390x.rpm
  • openssl-libs-3.0.1-43.el9_0.s390x.rpm
  • openssl-libs-debuginfo-3.0.1-43.el9_0.s390x.rpm
  • openssl-perl-3.0.1-43.el9_0.s390x.rpm

ppc64le (Red Hat Enterprise Linux for Power, little endian 9; Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0)

  • openssl-3.0.1-43.el9_0.ppc64le.rpm
  • openssl-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
  • openssl-debugsource-3.0.1-43.el9_0.ppc64le.rpm
  • openssl-devel-3.0.1-43.el9_0.ppc64le.rpm
  • openssl-libs-3.0.1-43.el9_0.ppc64le.rpm
  • openssl-libs-debuginfo-3.0.1-43.el9_0.ppc64le.rpm
  • openssl-perl-3.0.1-43.el9_0.ppc64le.rpm

aarch64 (Red Hat Enterprise Linux for ARM 64 9; Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0; Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0)

  • openssl-3.0.1-43.el9_0.aarch64.rpm
  • openssl-debuginfo-3.0.1-43.el9_0.aarch64.rpm
  • openssl-debugsource-3.0.1-43.el9_0.aarch64.rpm
  • openssl-devel-3.0.1-43.el9_0.aarch64.rpm
  • openssl-libs-3.0.1-43.el9_0.aarch64.rpm
  • openssl-libs-debuginfo-3.0.1-43.el9_0.aarch64.rpm
  • openssl-perl-3.0.1-43.el9_0.aarch64.rpm

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

CVE-2023-30969: Palantir | Trust and Security Portal

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.

CVE-2023-30959: Palantir | Trust and Security Portal

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.

CVE-2023-33953: Security Bulletins

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...

CVE-2023-30950: Palantir | Trust and Security Portal

The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint

CVE-2023-30952: Palantir | Trust and Security Portal

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .

CVE-2023-30949: Palantir | Trust and Security Portal

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-30956: Palantir | Trust and Security Portal

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

CVE-2023-30963: Palantir | Trust and Security Portal

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

CVE-2023-30955: Palantir | Trust and Security Portal

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.

CVE-2023-30945: Palantir | Trust and Security Portal

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.

CVE-2023-2904: Security Center | HID Global

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

CVE-2023-30948: Palantir | Trust and Security Portal

A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-0786-01

Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

RHSA-2023:0786: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVE-2022-45589: Talend Security

SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.

CVE-2022-34457: DSA-2022-297: Dell Command | Configure Security Update for Multiple Vulnerabilities

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]

Threat Source newsletter (Nov. 3, 2022): Mastodon, evolution, and LiveJournal oh my!

Welcome to this week’s edition of the Threat Source newsletter. I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase

RHSA-2022:7384: Red Hat Security Advisory: openssl-container security update

An update for openssl-container is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow

Gentoo Linux Security Advisory 202211-01

Gentoo Linux Security Advisory 202211-1 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. Versions less than 3.0.7:0/3 are affected.

Red Hat Security Advisory 2022-7288-01

Red Hat Security Advisory 2022-7288-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Issues addressed include a buffer overflow vulnerability.

OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

By Deeba Ahmed

The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations.

This is a post from HackRead.com. Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

CVE-2022-3602: OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun

**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL software, which is consumed by the Microsoft products listed in the Security Updates table, and those products are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2022-3786: OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL software, which is consumed by the Microsoft products listed in the Security Updates table, and those products are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

Threat Advisory: High Severity OpenSSL Vulnerabilities

In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulting in a crash or

Ubuntu Security Notice USN-5710-1

Ubuntu Security Notice 5710-1 - It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new function. This issue could cause certain applications that mishandled values to the function to possibly end up with a NULL cipher and messages in plaintext.

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to up...

GHSA-8rwr-x37p-mx23: X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to ...

GHSA-h8jm-2x53-xhp5: X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email

CVE-2017-5711: Security Center

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.