Описание
ELSA-2022-9023: openssl security update (MODERATE)
[1.0.2k-23.0.1]
- Change Epoch from 1 to 10
- Fix DH self-test to add shared secret comparison [Orabug: 32467026]
- Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059]
- Add TLS KDF self-test [Orabug: 32467193]
- Add EC keys pairwise consistency test [Orabug: 32467059]
[1.0.2k-23]
- fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
- Resolves: rhbz#1996054
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
openssl
1.0.2k-23.0.1.el7_9_fips
openssl-devel
1.0.2k-23.0.1.el7_9_fips
openssl-libs
1.0.2k-23.0.1.el7_9_fips
openssl-perl
1.0.2k-23.0.1.el7_9_fips
openssl-static
1.0.2k-23.0.1.el7_9_fips
Oracle Linux x86_64
openssl
1.0.2k-23.0.1.el7_9_fips
openssl-devel
1.0.2k-23.0.1.el7_9_fips
openssl-libs
1.0.2k-23.0.1.el7_9_fips
openssl-perl
1.0.2k-23.0.1.el7_9_fips
openssl-static
1.0.2k-23.0.1.el7_9_fips
Связанные CVE
Связанные уязвимости
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL ter...
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL ter...
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL termin
ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...