Oracle9: ELSA-2024-0310: openssl security Moderate Security Update
Summary
[1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarificat...
Read the Full AdvisorySRPMs
https://oss.oracle.com:443/ol9/SRPMS-updates//openssl-3.0.7-25.0.1.el9_3.src.rpm
x86_64
openssl-3.0.7-25.0.1.el9_3.x86_64.rpm openssl-devel-3.0.7-25.0.1.el9_3.i686.rpm openssl-devel-3.0.7-25.0.1.el9_3.x86_64.rpm openssl-libs-3.0.7-25.0.1.el9_3.i686.rpm openssl-libs-3.0.7-25.0.1.el9_3.x86_64.rpm openssl-perl-3.0.7-25.0.1.el9_3.x86_64.rpm
aarch64
openssl-3.0.7-25.0.1.el9_3.aarch64.rpm openssl-devel-3.0.7-25.0.1.el9_3.aarch64.rpm openssl-libs-3.0.7-25.0.1.el9_3.aarch64.rpm openssl-perl-3.0.7-25.0.1.el9_3.aarch64.rpm
i386
