
Advisory ROSA-SA-2023-2211

2023-08-08 08:12:52
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7 High
Confidence: High

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.106 Low
Percentile: 95.0%

Software: openssl 1.1.1k
OS: ROSA Virtualization 2.1

package_evr_string: openssl-1.1.1.1k-9.rv3.src.rpm

CVE-ID: CVE-2021-23840
BDU-ID: 2021-03742
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate functions of the OpenSSL TLS and SSL protocols toolkit is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2021-23841
BDU-ID: 2021-03744
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the X509_issuer_and_serial_hash() function of the OpenSSL TLS and SSL protocol toolkit is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2021-3712
BDU-ID: 2021-04571
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the X509_aux_print() function of the OpenSSL library involves reading outside buffer boundaries in memory when processing ASN.1 strings. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2022-0778
BDU-ID: 2022-01315
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the BN_mod_sqrt() function of the OpenSSL library involves executing a loop without sufficiently limiting the number of times it can be executed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2022-2097
BDU-ID: 2022-04284
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the AES OCB mode of the OpenSSL library is related to a missing required encryption step. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2022-2068
BDU-ID: 2022-04039
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the constant-time Montgomery modular exponentiation function of the OpenSSL and BoringSSL libraries is related to the ability to write beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending specially crafted data at the time a TLS connection is established
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2022-1292
BDU-ID: 2022-03181
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the OpenSSL library’s c_rehash script implementation is related to failure to take measures to neutralize shell metacharacters when processing certificates in /etc/ssl/certs/. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2023-0286
BDU-ID: 2023-00665
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism when processing X.400 addresses. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2023-0215
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A use-after-free vulnerability has been discovered in the OpenSSL BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used to stream ASN.1 data over a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities, but can also be called directly by end-user applications. The function receives a BIO from the caller, adds a new BIO_f_asn1 filter BIO in front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if the CMS recipient’s public key is invalid, the new filter BIO is freed and the function returns NULL, indicating a failure. However, in this case the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, which may result in a failure.
CVE-STATUS: Fixed
CVE-REV: Run the yum update openssl command to close it

CVE-ID: CVE-2022-4450
BDU-ID: 2023-02240
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the PEM_read_bio_ex() function of the OpenSSL cryptographic library is related to a double free of memory when processing PEM files. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PEM file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

CVE-ID: CVE-2022-4304
BDU-ID: 2023-02237
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the PKCS#1 v1.5, RSA-OAEP, and RSASVE encryption algorithms of the OpenSSL cryptographic library is related to a timing side channel caused by timing discrepancies. Exploitation of the vulnerability could allow an attacker acting remotely to carry out a Bleichenbacher attack
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

OS | Version | Architecture | Package | Version | Filename
ROSA | any | noarch | openssl | < 1.1.1 | UNKNOWN
