(RHSA-2024:2447) Low: openssl and openssl-fips-provider security update

2024-04-3006:15:44

access.redhat.com

openssl

security update

aes-siv cipher

transport layer security

tls

cryptography

cve-2023-2975

cve-2023-3446

cve-2023-3817

cve-2023-5678

cve-2023-6129

cve-2023-6237

cve-2024-0727

red hat enterprise linux 9.4

8.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975)
openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)
OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)
openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)
openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)
openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
openssl: denial of service via null dereference (CVE-2024-0727)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9aarch64openssl-debuginfo< 3.0.7-27.el9openssl-debuginfo-3.0.7-27.el9.aarch64.rpm
RedHat9s390xopenssl-fips-provider-debuginfo< 3.0.7-2.el9openssl-fips-provider-debuginfo-3.0.7-2.el9.s390x.rpm
RedHat9ppc64leopenssl-perl< 3.0.7-27.el9openssl-perl-3.0.7-27.el9.ppc64le.rpm
RedHat9x86_64openssl< 3.0.7-27.el9openssl-3.0.7-27.el9.x86_64.rpm
RedHat9i686openssl-fips-provider-debuginfo< 3.0.7-2.el9openssl-fips-provider-debuginfo-3.0.7-2.el9.i686.rpm
RedHat9aarch64openssl-fips-provider< 3.0.7-2.el9openssl-fips-provider-3.0.7-2.el9.aarch64.rpm
RedHat9ppc64leopenssl-debugsource< 3.0.7-27.el9openssl-debugsource-3.0.7-27.el9.ppc64le.rpm
RedHat9ppc64leopenssl-libs< 3.0.7-27.el9openssl-libs-3.0.7-27.el9.ppc64le.rpm
RedHat9ppc64leopenssl-fips-provider-debugsource< 3.0.7-2.el9openssl-fips-provider-debugsource-3.0.7-2.el9.ppc64le.rpm
RedHat9aarch64openssl-fips-provider-debuginfo< 3.0.7-2.el9openssl-fips-provider-debuginfo-3.0.7-2.el9.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	aarch64	openssl-debuginfo	< 3.0.7-27.el9	openssl-debuginfo-3.0.7-27.el9.aarch64.rpm
RedHat	9	s390x	openssl-fips-provider-debuginfo	< 3.0.7-2.el9	openssl-fips-provider-debuginfo-3.0.7-2.el9.s390x.rpm
RedHat	9	ppc64le	openssl-perl	< 3.0.7-27.el9	openssl-perl-3.0.7-27.el9.ppc64le.rpm
RedHat	9	x86_64	openssl	< 3.0.7-27.el9	openssl-3.0.7-27.el9.x86_64.rpm
RedHat	9	i686	openssl-fips-provider-debuginfo	< 3.0.7-2.el9	openssl-fips-provider-debuginfo-3.0.7-2.el9.i686.rpm
RedHat	9	aarch64	openssl-fips-provider	< 3.0.7-2.el9	openssl-fips-provider-3.0.7-2.el9.aarch64.rpm
RedHat	9	ppc64le	openssl-debugsource	< 3.0.7-27.el9	openssl-debugsource-3.0.7-27.el9.ppc64le.rpm
RedHat	9	ppc64le	openssl-libs	< 3.0.7-27.el9	openssl-libs-3.0.7-27.el9.ppc64le.rpm
RedHat	9	ppc64le	openssl-fips-provider-debugsource	< 3.0.7-2.el9	openssl-fips-provider-debugsource-3.0.7-2.el9.ppc64le.rpm
RedHat	9	aarch64	openssl-fips-provider-debuginfo	< 3.0.7-2.el9	openssl-fips-provider-debuginfo-3.0.7-2.el9.aarch64.rpm