(RHSA-2024:0500) Moderate: openssl security update

Published: 2024-01-25 16:25:40
CWE: CWE-325
Source: access.redhat.com
Tags: openssl, ssl, tls, cryptography, security update, cve-2023-5363, bug fixes, fips-compliant, nist sp 800-56arev3, rsa-oaep, ecdh public key check, rhel-9.2.z

CVSS3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE

AI Score: 7.2 (Confidence: Low)
EPSS: 0.001 (Percentile: 44.3%)

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: Incorrect cipher key and IV length processing (CVE-2023-5363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-9.2.z (RHEL-14578, BZ#2153471)
  • OpenSSL should provide FIPS-compliant RSA-OAEP (RHEL-14616)
  • NIST SP 800-56Arev3 Section 5.6.2.1 - Missing ECDH Public Key Check (RHEL-15992)
  • In FIPS mode, OpenSSL must not perform any cryptographic operations when rsa_keygen_pairwise_test fails (RHEL-17110)

Affected configurations (Vulners node)

Any of the following product ranges:

  • redhat openssl, range 3.0.7-25.el9_3
  • redhat openssl, range 3.0.7-18.el9_2
  • redhat odf4/cephcsi-rhel9, range v4.15.0-37
  • redhat odf4/mcg-core-rhel9, range v4.15.0-68
  • redhat odf4/mcg-operator-bundle, range v4.15.0-158
  • redhat odf4/mcg-rhel9-operator, range v4.15.0-39
  • redhat odf4/ocs-client-console-rhel9, range v4.15.0-58
  • redhat odf4/ocs-client-operator-bundle, range v4.15.0-158
  • redhat odf4/ocs-client-rhel9-operator, range v4.15.0-13
  • redhat odf4/ocs-metrics-exporter-rhel9, range v4.15.0-81
  • redhat odf4/ocs-operator-bundle, range v4.15.0-158
  • redhat odf4/ocs-rhel9-operator, range v4.15.0-79
  • redhat odf4/odf-cli-rhel9, range v4.15.0-22
  • redhat odf4/odf-console-rhel9, range v4.15.0-57
  • redhat odf4/odf-cosi-sidecar-rhel9, range v4.15.0-6
  • redhat odf4/odf-csi-addons-operator-bundle, range v4.15.0-158
  • redhat odf4/odf-csi-addons-rhel9-operator, range v4.15.0-15
  • redhat odf4/odf-csi-addons-sidecar-rhel9, range v4.15.0-15
  • redhat odf4/odf-multicluster-console-rhel9, range v4.15.0-54
  • redhat odf4/odf-multicluster-operator-bundle, range v4.15.0-158
  • redhat odf4/odf-multicluster-rhel9-operator, range v4.15.0-10
  • redhat odf4/odf-must-gather-rhel9, range v4.15.0-26
  • redhat odf4/odf-operator-bundle, range v4.15.0-158
  • redhat odf4/odf-rhel9-operator, range v4.15.0-19
  • redhat cluster_project, range v4.15.0-158
  • redhat odf4/odr-hub-operator-bundle, range v4.15.0-158
  • redhat odf4/odr-rhel9-operator, range v4.15.0-21
  • redhat ceph, range v4.15.0-103
  • redhat openshift_logging, range v5.8.6-22
  • redhat openshift_logging, range v5.8.6-11
  • redhat openshift_logging, range v6.8.1-407
  • redhat openshift_logging, range v5.8.6-19
  • redhat openshift_logging, range v1.0.0-479
  • redhat openshift_logging, range v5.8.6-7
  • redhat openshift_logging, range v0.4.0-247
  • redhat openshift_logging, range v5.8.6-5
  • redhat openshift_logging, range v1.1.0-227
  • redhat openshift_logging, range v5.8.1-470
  • redhat openshift_logging, range v2.9.6-14
  • redhat openshift_logging, range v5.8.6-2
  • redhat openshift_logging, range v5.8.6-24
  • redhat openshift_logging, range v5.8.6-10
  • redhat openshift_logging, range v0.1.0-525
  • redhat openshift_logging, range v0.1.0-224
  • redhat openshift_logging, range v0.28.1-56

AND

  • redhat enterprise_linux, match 9

CPE entries (first 10 of 291 rows):

Vendor | Product | Version | CPE
redhat | openssl | * | cpe:2.3:a:redhat:openssl:*:*:*:*:*:*:*:*
redhat | odf4/cephcsi-rhel9 | * | cpe:2.3:a:redhat:odf4/cephcsi-rhel9:*:*:*:*:*:*:*:*
redhat | odf4/mcg-core-rhel9 | * | cpe:2.3:a:redhat:odf4/mcg-core-rhel9:*:*:*:*:*:*:*:*
redhat | odf4/mcg-operator-bundle | * | cpe:2.3:a:redhat:odf4/mcg-operator-bundle:*:*:*:*:*:*:*:*
redhat | odf4/mcg-rhel9-operator | * | cpe:2.3:a:redhat:odf4/mcg-rhel9-operator:*:*:*:*:*:*:*:*
redhat | odf4/ocs-client-console-rhel9 | * | cpe:2.3:a:redhat:odf4/ocs-client-console-rhel9:*:*:*:*:*:*:*:*
redhat | odf4/ocs-client-operator-bundle | * | cpe:2.3:a:redhat:odf4/ocs-client-operator-bundle:*:*:*:*:*:*:*:*
redhat | odf4/ocs-client-rhel9-operator | * | cpe:2.3:a:redhat:odf4/ocs-client-rhel9-operator:*:*:*:*:*:*:*:*
redhat | odf4/ocs-metrics-exporter-rhel9 | * | cpe:2.3:a:redhat:odf4/ocs-metrics-exporter-rhel9:*:*:*:*:*:*:*:*
redhat | odf4/ocs-operator-bundle | * | cpe:2.3:a:redhat:odf4/ocs-operator-bundle:*:*:*:*:*:*:*:*
