ELSA-2023-12152

Опубликовано: 01 мар. 2023

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2023-12152: openssl security update (MODERATE)

[3.0.1-47.0.1]

[1:3.0.1-47]

Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203
Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304
Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450
Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215
Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216
Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217
Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286
Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401

[1:3.0.1-46]

[1:3.0.1-45]

Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects Resolves: rhbz#2149010
Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2144012
Update change to default PSS salt length with patch state from upstream Related: rhbz#2144012

[1:3.0.1-44]

SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010
Avoid memory leaks in TLS Resolves: rhbz#2144008
FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006
FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017
Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015
Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019
Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000
Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003
Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012
Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012
Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170