{"id":"ALSA-2022:6224","summary":"Moderate: openssl security and bug fix update","details":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\nSecurity Fix(es):\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n* openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)\n* openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n* openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nBug Fix(es):\n* openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)\n* openssl req defaults to 3DES (BZ#2085499)\n* OpenSSL accepts custom elliptic curve parameters when p is large [almalinux-9] (BZ#2085508)\n* OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)\n* openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)\n* Converting FIPS power-on self test to KAT (BZ#2086866)\n* Small RSA keys work for some operations in FIPS mode (BZ#2091938)\n* FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)\n* OpenSSL testsuite certificates expired (BZ#2095696)\n* [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)\n* [FIPS lab review] self-test (BZ#2112978)\n* [FIPS lab review] DH tuning (BZ#2115856)\n* [FIPS lab review] EC tuning (BZ#2115857)\n* [FIPS lab review] RSA tuning (BZ#2115858)\n* [FIPS lab review] RAND tuning (BZ#2115859)\n* [FIPS lab review] zeroization (BZ#2115861)\n* [FIPS lab review] HKDF limitations (BZ#2118388)","modified":"2026-02-04T02:51:14.255262Z","published":"2022-08-30T00:00:00Z","related":["CVE-2022-1292","CVE-2022-1343","CVE-2022-1473","CVE-2022-2068","CVE-2022-2097"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1292"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1343"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1473"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2068"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2097"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2081494"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2087911"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2087913"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2097310"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2104905"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2022-6224.html"}],"affected":[{"package":{"name":"openssl","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/openssl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.0.1-41.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:6224.json"}},{"package":{"name":"openssl-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/openssl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.0.1-41.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:6224.json"}},{"package":{"name":"openssl-libs","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/openssl-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.0.1-41.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:6224.json"}},{"package":{"name":"openssl-perl","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/openssl-perl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.0.1-41.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:6224.json"}}],"schema_version":"1.7.3"}