Oracle Linux ELSA-2022-9272
openssl security update
Published: 2022-04-08 00:00:00
Source: linux.oracle.com

CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

[1.0.1e-59.0.3]
  • Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800]
[1.0.1e-59.0.1]
  • Backport fixes for CVE-2020-1971 [Orabug: 32654738]
[1.0.1e-58.0.1]
  • Oracle bug 28730228: backport CVE-2018-0732
  • Oracle bug 28758493: backport CVE-2018-0737
  • Merge upstream patch to fix CVE-2018-0739
  • Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz
  • sha256 is used for the RSA pairwise consistency test instead of sha1
[1.0.1e-58]
  • fix CVE-2019-1559 - 0-byte record padding oracle
[1.0.1e-57]
  • fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher
[1.0.1e-55]
  • fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts
[1.0.1e-54]
  • fix handling of ciphersuites present after the FALLBACK_SCSV ciphersuite entry (#1386350)
[1.0.1e-53]
  • add README.legacy-settings
[1.0.1e-52]
  • deprecate and disable verification of insecure hash algorithms
  • disallow DH keys with less than 1024 bits in TLS client
  • remove support for weak and export ciphersuites
  • use correct digest when exporting keying material in TLS1.2 (#1376741)
[1.0.1e-50]
  • fix CVE-2016-2177 - possible integer overflow
  • fix CVE-2016-2178 - non-constant time DSA operations
  • fix CVE-2016-2179 - further DoS issues in DTLS
  • fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()
  • fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue
  • fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
  • fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check
  • fix CVE-2016-6304 - unbound memory growth with OCSP status request
  • fix CVE-2016-6306 - certificate message OOB reads
  • mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength
  • replace expired testing certificates
[1.0.1e-49]
  • fix CVE-2016-2105 - possible overflow in base64 encoding
  • fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
  • fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
  • fix CVE-2016-2108 - memory corruption in ASN.1 encoder
  • fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
  • fix CVE-2016-0799 - memory issues in BIO_printf
[1.0.1e-48]
  • fix CVE-2016-0702 - side channel attack on modular exponentiation
  • fix CVE-2016-0705 - double-free in DSA private key parsing
  • fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn
[1.0.1e-47]
  • fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
  • disable SSLv2 in the generic TLS method
[1.0.1e-46]
  • fix 1-byte memory leak in pkcs12 parse (#1229871)
  • document some options of the speed command (#1197095)
[1.0.1e-45]
  • fix high-precision timestamps in timestamping authority
[1.0.1e-44]
  • fix CVE-2015-7575 - disallow use of MD5 in TLS1.2
[1.0.1e-43]
  • fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
  • fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
  • fix CVE-2015-3196 - race condition when handling PSK identity hint
[1.0.1e-42]
  • fix regression caused by mistake in fix for CVE-2015-1791
[1.0.1e-41]
  • improved fix for CVE-2015-1791
  • add missing parts of CVE-2015-0209 fix for correctness although unexploitable
[1.0.1e-40]
  • fix CVE-2014-8176 - invalid free in DTLS buffering code
  • fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
  • fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
  • fix CVE-2015-1791 - race condition handling NewSessionTicket
  • fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
[1.0.1e-39]
  • fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications
[1.0.1e-38]
  • fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future)
[1.0.1e-37]
  • drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field)
[1.0.1e-36]
  • update fix for CVE-2015-0287 to what was released upstream
[1.0.1e-35]
  • fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
  • fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
  • fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
  • fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
  • fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
  • fix CVE-2015-0292 - integer underflow in base64 decoder
  • fix CVE-2015-0293 - triggerable assert in SSLv2 server
[1.0.1e-34]
  • copy digest algorithm when handling SNI context switch
  • improve documentation of ciphersuites - patch by Hubert Kario
  • add support for setting Kerberos service and keytab in s_server and s_client
[1.0.1e-33]
  • fix CVE-2014-3570 - incorrect computation in BN_sqr()
  • fix CVE-2014-3571 - possible crash in dtls1_get_record()
  • fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
  • fix CVE-2014-8275 - various certificate fingerprint issues
  • fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server
  • fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
  • fix CVE-2015-0206 - possible memory leak when buffering DTLS records
[1.0.1e-32]
  • use FIPS approved method for computation of d in RSA
[1.0.1e-31]
  • fix CVE-2014-3567 - memory leak when handling session tickets
  • fix CVE-2014-3513 - memory leak in srtp support
  • add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3)
[1.0.1e-30]
  • add ECC TLS extensions to DTLS (#1119800)
[1.0.1e-29]
  • fix CVE-2014-3505 - doublefree in DTLS packet processing
  • fix CVE-2014-3506 - avoid memory exhaustion in DTLS
  • fix CVE-2014-3507 - avoid memory leak in DTLS
  • fix CVE-2014-3508 - fix OID handling to avoid information leak
  • fix CVE-2014-3509 - fix race condition when parsing server hello
  • fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
  • fix CVE-2014-3511 - disallow protocol downgrade via fragmentation
[1.0.1e-28]
  • fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
[1.0.1e-26]
  • drop EXPORT, RC2, and DES from the default cipher list (#1057520)
  • print ephemeral key size negotiated in TLS handshake (#1057715)
  • do not include ECC ciphersuites in SSLv2 client hello (#1090952)
  • properly detect encryption failure in BIO (#1100819)
  • fail on hmac integrity check if the .hmac file is empty (#1105567)
  • FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set
[1.0.1e-25]
  • fix CVE-2010-5298 - possible use of memory after free
  • fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
  • fix CVE-2014-0198 - possible NULL pointer dereference
  • fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
  • fix CVE-2014-0224 - SSL/TLS MITM vulnerability
  • fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
[1.0.1e-24]
  • add back support for secp521r1 EC curve
[1.0.1e-23]
  • fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
[1.0.1e-22]
  • use 2048 bit RSA key in FIPS selftests
[1.0.1e-21]
  • add DH_compute_key_padded needed for FIPS CAVS testing
  • make 3des strength to be 128 bits instead of 168 (#1056616)
  • FIPS mode: do not generate DSA keys and DH parameters < 2048 bits
  • FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)
  • FIPS mode: add DH selftest
  • FIPS mode: reseed DRBG properly on RAND_add()
  • FIPS mode: add RSA encrypt/decrypt selftest
  • FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key
  • use the key length from configuration file if req -newkey rsa is invoked
[1.0.1e-20]
  • fix CVE-2013-4353 - Invalid TLS handshake crash
[1.0.1e-19]
  • fix CVE-2013-6450 - possible MiTM attack on DTLS1
[1.0.1e-18]
  • fix CVE-2013-6449 - crash when version in SSL structure is incorrect
[1.0.1e-17]
  • add back some no-op symbols that were inadvertently dropped
[1.0.1e-16]
  • do not advertise ECC curves we do not support
  • fix CPU identification on Cyrix CPUs
[1.0.1e-15]
  • make DTLS1 work in FIPS mode
  • avoid RSA and DSA 512 bits and Whirlpool in ‘openssl speed’ in FIPS mode
[1.0.1e-14]
  • installation of dracut-fips marks that the FIPS module is installed
[1.0.1e-13]
  • avoid dlopening libssl.so from libcrypto
[1.0.1e-12]
  • fix small memory leak in FIPS aes selftest
  • fix segfault in openssl speed hmac in the FIPS mode
[1.0.1e-11]
  • document the nextprotoneg option in manual pages, original patch by Hubert Kario
[1.0.1e-9]
  • always perform the FIPS selftests in library constructor if FIPS module is installed
[1.0.1e-8]
  • fix use of rdrand if available
  • more commits cherry picked from upstream
  • documentation fixes
[1.0.1e-7]
  • additional manual page fix
  • use symbol versioning also for the textual version
[1.0.1e-6]
  • additional manual page fixes
  • cleanup speed command output for ECDH ECDSA
[1.0.1e-5]
  • use _prefix macro
[1.0.1e-4]
  • add relro linking flag
[1.0.1e-2]
  • add support for the -trusted_first option for certificate chain verification
[1.0.1e-1]
  • rebase to the 1.0.1e upstream version
[1.0.0-28]
  • fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
  • fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
  • enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
  • use __secure_getenv() everywhere instead of getenv() (#839735)
[1.0.0-27]
  • fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)
  • drop superfluous lib64 fixup in pkgconfig .pc files (#770872)
  • force BIO_accept_new(*:) to listen on IPv4
[1.0.0-26]
  • use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348)
[1.0.0-25]
  • fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
  • properly initialize tkeylen in the CVE-2012-0884 fix
[1.0.0-24]
  • fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
[1.0.0-23]
  • fix problem with the SGC restart patch that might terminate handshake incorrectly
  • fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
  • fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
[1.0.0-22]
  • fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes
[1.0.0-21]
  • fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)
  • fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
  • fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)
  • fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
[1.0.0-20]
  • fix x86cpuid.pl - patch by Paolo Bonzini
[1.0.0-19]
  • add known answer test for SHA2 algorithms
[1.0.0-18]
  • fix missing initialization of a variable in the CHIL engine (#740188)
[1.0.0-17]
  • initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087)
[1.0.0-16]
  • merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations
[1.0.0-15]
  • better documentation of the available digests in apps (#693858)
  • backported CHIL engine fixes (#693863)
  • allow testing build without downstream patches (#708511)
  • enable partial RELRO when linking (#723994)
  • add intelx engine with improved performance on new Intel CPUs
  • add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine)
[1.0.0-14]
  • use the AES-NI engine in the FIPS mode
[1.0.0-11]
  • add API necessary for CAVS testing of the new DSA parameter generation
[1.0.0-10]
  • fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)
  • correct the README.FIPS document
