Moderate: openssl security and bug fix update

Related Vulnerabilities: CVE-2022-1292, CVE-2022-1343, CVE-2022-1473, CVE-2022-2068, CVE-2022-2097

Synopsis

Moderate: openssl security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openssl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: c_rehash script allows command injection (CVE-2022-1292)
  • openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343)
  • openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473)
  • openssl: the c_rehash script allows command injection (CVE-2022-2068)
  • openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323)
  • openssl req defaults to 3DES (BZ#2085499)
  • OpenSSL accepts custom elliptic curve parameters when p is large [rhel-9] (BZ#2085508)
  • OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521)
  • openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554)
  • Converting FIPS power-on self test to KAT (BZ#2086866)
  • Small RSA keys work for some operations in FIPS mode (BZ#2091938)
  • FIPS provider doesn't block RSA encryption for key transport (BZ#2091977)
  • OpenSSL testsuite certificates expired (BZ#2095696)
  • [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044)
  • [FIPS lab review] self-test (BZ#2112978)
  • [FIPS lab review] DH tuning (BZ#2115856)
  • [FIPS lab review] EC tuning (BZ#2115857)
  • [FIPS lab review] RSA tuning (BZ#2115858)
  • [FIPS lab review] RAND tuning (BZ#2115859)
  • [FIPS lab review] zeroization (BZ#2115861)
  • [FIPS lab review] HKDF limitations (BZ#2118388)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2080323 - openssl occasionally sends internal error to gnutls when using FFDHE [rhel-9.0.0.z]
  • BZ - 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
  • BZ - 2082584 - OpenSSL FIPS module should not build in non-approved algorithms [rhel-9.0.0.z]
  • BZ - 2082585 - Change FIPS module version to include hash of specfile, patches and sources [rhel-9.0.0.z]
  • BZ - 2085499 - openssl req defaults to 3DES [rhel-9.0.0.z]
  • BZ - 2085500 - Specifying the openssl config file explicitly causes provider initialisation to fail in FIPS mode [rhel-9.0.0.z]
  • BZ - 2085521 - OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode [rhel-9.0.0.z]
  • BZ - 2086554 - openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 [rhel-9.0.0.z]
  • BZ - 2086866 - Converting FIPS power-on self test to KAT [rhel-9.0.0.z]
  • BZ - 2087234 - openssl in FIPS mode verifies SHA-1 signatures, but should not [rhel-9.0.0.z]
  • BZ - 2087911 - CVE-2022-1343 openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS
  • BZ - 2087913 - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
  • BZ - 2091938 - Small RSA keys work for some operations in FIPS mode [rhel-9.0.0.z]
  • BZ - 2091977 - FIPS provider doesn't block RSA encryption for key transport [rhel-9.0.0.z]
  • BZ - 2091994 - Incomplete filtering of ciphersuites in FIPS mode [rhel-9.0.0.z]
  • BZ - 2095696 - OpenSSL testsuite certificates expired [rhel-9.0.0.z]
  • BZ - 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
  • BZ - 2101346 - PPC 64 Montgomery mult is buggy [rhel-9.0.0.z]
  • BZ - 2104905 - CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes
  • BZ - 2107530 - sscg FTBFS in rhel-9.1 [rhel-9.0.0.z]
  • BZ - 2112978 - [FIPS lab review] self-test [rhel-9.0.0.z]
  • BZ - 2115856 - [FIPS lab review] DH tuning [rhel-9.0.0.z]
  • BZ - 2115857 - [FIPS lab review] EC tuning [rhel-9.0.0.z]
  • BZ - 2115858 - [FIPS lab review] RSA tuning [rhel-9.0.0.z]
  • BZ - 2115859 - [FIPS lab review] RAND tuning [rhel-9.0.0.z]
  • BZ - 2115861 - [FIPS lab review] zeroization [rhel-9.0.0.z]
  • BZ - 2118388 - [FIPS lab review] HKDF limitations [rhel-9.0.0.z]