{
  "type": "TYPE_SECURITY",
  "shortCode": "RL",
  "name": "RLSA-2022:6224",
  "synopsis": "Moderate: openssl security and bug fix update",
  "severity": "SEVERITY_MODERATE",
  "topic": "An update for openssl is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
  "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "solution": null,
  "affectedProducts": ["Rocky Linux 9"],
  "fixes": [
    {"ticket": "2080323", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2080323", "description": "openssl occasionally sends internal error to gnutls when using FFDHE [rhel-9.0.0.z]"},
    {"ticket": "2081494", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2081494", "description": "CVE-2022-1292 openssl: c_rehash script allows command injection"},
    {"ticket": "2082584", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2082584", "description": "OpenSSL FIPS module should not build in non-approved algorithms [rhel-9.0.0.z]"},
    {"ticket": "2082585", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2082585", "description": "Change FIPS module version to include hash of specfile, patches and sources [rhel-9.0.0.z]"},
    {"ticket": "2085499", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085499", "description": "openssl req defaults to 3DES [rhel-9.0.0.z]"},
    {"ticket": "2085500", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085500", "description": "Specifying the openssl config file explicitly causes provider initialisation to fail in FIPS mode [rhel-9.0.0.z]"},
    {"ticket": "2085521", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2085521", "description": "OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode [rhel-9.0.0.z]"},
    {"ticket": "2086554", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2086554", "description": "openssl s_server -groups secp256k1 in FIPS fails because X25519\/X448 [rhel-9.0.0.z]"},
    {"ticket": "2086866", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2086866", "description": "Converting FIPS power-on self test to KAT [rhel-9.0.0.z]"},
    {"ticket": "2087234", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087234", "description": "openssl in FIPS mode verifies SHA-1 signatures, but should not [rhel-9.0.0.z]"},
    {"ticket": "2087911", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087911", "description": "CVE-2022-1343 openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS"},
    {"ticket": "2087913", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2087913", "description": "CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory"},
    {"ticket": "2091938", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091938", "description": "Small RSA keys work for some operations in FIPS mode [rhel-9.0.0.z]"},
    {"ticket": "2091977", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091977", "description": "FIPS provider doesn't block RSA encryption for key transport [rhel-9.0.0.z]"},
    {"ticket": "2091994", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2091994", "description": "Incomplete filtering of ciphersuites in FIPS mode [rhel-9.0.0.z]"},
    {"ticket": "2095696", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2095696", "description": "OpenSSL testsuite certificates expired [rhel-9.0.0.z]"},
    {"ticket": "2097310", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2097310", "description": "CVE-2022-2068 openssl: the c_rehash script allows command injection"},
    {"ticket": "2101346", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2101346", "description": "PPC 64 Montgomery mult is buggy [rhel-9.0.0.z]"},
    {"ticket": "2104905", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2104905", "description": "CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes"},
    {"ticket": "2107530", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2107530", "description": "sscg FTBFS in rhel-9.1 [rhel-9.0.0.z]"},
    {"ticket": "2112978", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2112978", "description": "[FIPS lab review] self-test [rhel-9.0.0.z]"},
    {"ticket": "2115856", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115856", "description": "[FIPS lab review] DH tuning [rhel-9.0.0.z]"},
    {"ticket": "2115857", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115857", "description": "[FIPS lab review] EC tuning [rhel-9.0.0.z]"},
    {"ticket": "2115858", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115858", "description": "[FIPS lab review] RSA tuning [rhel-9.0.0.z]"},
    {"ticket": "2115859", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115859", "description": "[FIPS lab review] RAND tuning [rhel-9.0.0.z]"},
    {"ticket": "2115861", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115861", "description": "[FIPS lab review] zeroization [rhel-9.0.0.z]"},
    {"ticket": "2118388", "sourceBy": "Red Hat", "sourceLink": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2118388", "description": "[FIPS lab review] HKDF limitations [rhel-9.0.0.z]"}
  ],
  "cves": [
    {"name": "CVE-2022-2068", "sourceBy": "Red Hat", "sourceLink": "https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2068.json", "cvss3ScoringVector": "CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H", "cvss3BaseScore": "6.7", "cwe": "CWE-77"}
  ],
  "references": [],
  "publishedAt": "2023-01-25T21:21:29.199409Z",
  "rpms": {},
  "rebootSuggested": false,
  "buildReferences": []
}