Red Hat: RHSA-2023:3722
History: Jun 21, 2023 - 1:52 p.m.

(RHSA-2023:3722) Moderate: openssl security and bug fix update

2023-06-21 13:52:15
access.redhat.com
48
openssl
moderate
security
bug fix
dos
resource usage
certificate policies
input buffer
aes-xts
fips mode
kdf
rsa encryption
ems
tls 1.2
core dump

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.4%

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

  • openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (CVE-2023-0464)

  • openssl: Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465)

  • openssl: Certificate policy check not enabled (CVE-2023-0466)

  • openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • In FIPS mode, openssl KDFs should only allow selected hash algorithms (BZ#2175860)

  • In FIPS mode, openssl should reject short KDF input or output keys or provide an indicator (BZ#2175864)

  • In FIPS mode, openssl should provide an indicator for AES-GCM to query whether the IV was generated internally or provided externally (BZ#2175868)

  • openssl FIPS mode self-test should zeroize out in verify_integrity in providers/fips/self_test.c (BZ#2175873)

  • In FIPS mode, openssl should not support RSA encryption or decryption without padding (outside of RSASVE) or provide an indicator (BZ#2178029)

  • In FIPS mode, openssl should reject EVP_PKEY_fromdata() for short DHX keys, or provide an indicator (BZ#2178030)

  • In FIPS mode, openssl should not use the legacy ECDSA_do_sign(), RSA_public_encrypt(), RSA_private_decrypt() functions for pairwise consistency tests (BZ#2178034)

  • In FIPS mode, openssl should enter error state when DH PCT fails (BZ#2178039)

  • In FIPS mode, openssl should always run the PBKDF2 lower bounds checks or provide an indicator when the pkcs5 parameter is set to 1 (BZ#2178137)

  • Support requiring EMS in TLS 1.2, default to it when in FIPS mode (BZ#2188046)

  • OpenSSL rsa_verify_recover doesn’t use the same key checks as rsa_verify in FIPS mode (BZ#2188052)

  • RHEL9.0 - sshd dumps core when ibmca engine is configured with default_algorithms = CIPHERS or ALL (openssl) (BZ#2211396)
