MiracleLinux 9 : openssl-3.0.1-47.el9 (AXSA:2023-5192:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5192:01 advisory. openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...

openssl security update

3.0.1-47.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-47 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...

openssl security and bug fix update

3.0.1-47.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-47 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 High: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for...