Описание
ELSA-2024-12093: openssl security update (IMPORTANT)
[1:3.0.7-25.0.1]
- Replace upstream references [Orabug: 34340177]
[1:3.0.7-25]
- Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295
- Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439
- Avoid implicit function declaration when building openssl Resolves: RHEL-1780
- Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304
- AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302
- Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306
- Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308
- Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251
- Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083
- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083
- Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
openssl
3.0.7-25.0.1.ksplice1.el9_3
openssl-devel
3.0.7-25.0.1.ksplice1.el9_3
openssl-libs
3.0.7-25.0.1.ksplice1.el9_3
openssl-perl
3.0.7-25.0.1.ksplice1.el9_3
Oracle Linux x86_64
openssl
3.0.7-25.0.1.ksplice1.el9_3
openssl-devel
3.0.7-25.0.1.ksplice1.el9_3
openssl-libs
3.0.7-25.0.1.ksplice1.el9_3
openssl-perl
3.0.7-25.0.1.ksplice1.el9_3
Связанные CVE
Связанные уязвимости
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guid...
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 ...
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1
Issue summary: A bug has been identified in the processing of key and ...