=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2022:1071-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1071
Issue date:        2022-03-28
CVE Names:         CVE-2022-0778
=====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing
certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:
openssl-1.1.1g-16.el8_4.src.rpm

aarch64:
openssl-1.1.1g-16.el8_4.aarch64.rpm
openssl-debuginfo-1.1.1g-16.el8_4.aarch64.rpm
openssl-debugsource-1.1.1g-16.el8_4.aarch64.rpm
openssl-devel-1.1.1g-16.el8_4.aarch64.rpm
openssl-libs-1.1.1g-16.el8_4.aarch64.rpm
openssl-libs-debuginfo-1.1.1g-16.el8_4.aarch64.rpm
openssl-perl-1.1.1g-16.el8_4.aarch64.rpm

ppc64le:
openssl-1.1.1g-16.el8_4.ppc64le.rpm
openssl-debuginfo-1.1.1g-16.el8_4.ppc64le.rpm
openssl-debugsource-1.1.1g-16.el8_4.ppc64le.rpm
openssl-devel-1.1.1g-16.el8_4.ppc64le.rpm
openssl-libs-1.1.1g-16.el8_4.ppc64le.rpm
openssl-libs-debuginfo-1.1.1g-16.el8_4.ppc64le.rpm
openssl-perl-1.1.1g-16.el8_4.ppc64le.rpm

s390x:
openssl-1.1.1g-16.el8_4.s390x.rpm
openssl-debuginfo-1.1.1g-16.el8_4.s390x.rpm
openssl-debugsource-1.1.1g-16.el8_4.s390x.rpm
openssl-devel-1.1.1g-16.el8_4.s390x.rpm
openssl-libs-1.1.1g-16.el8_4.s390x.rpm
openssl-libs-debuginfo-1.1.1g-16.el8_4.s390x.rpm
openssl-perl-1.1.1g-16.el8_4.s390x.rpm

x86_64:
openssl-1.1.1g-16.el8_4.x86_64.rpm
openssl-debuginfo-1.1.1g-16.el8_4.i686.rpm
openssl-debuginfo-1.1.1g-16.el8_4.x86_64.rpm
openssl-debugsource-1.1.1g-16.el8_4.i686.rpm
openssl-debugsource-1.1.1g-16.el8_4.x86_64.rpm
openssl-devel-1.1.1g-16.el8_4.i686.rpm
openssl-devel-1.1.1g-16.el8_4.x86_64.rpm
openssl-libs-1.1.1g-16.el8_4.i686.rpm
openssl-libs-1.1.1g-16.el8_4.x86_64.rpm
openssl-libs-debuginfo-1.1.1g-16.el8_4.i686.rpm
openssl-libs-debuginfo-1.1.1g-16.el8_4.x86_64.rpm
openssl-perl-1.1.1g-16.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
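
Added example (not part of the Red Hat advisory): section 4 states that services linked to the OpenSSL library must be restarted for the update to take effect. The shell functions below list processes that still map a replaced libssl/libcrypto, relying on Linux marking an unlinked file as "(deleted)" in /proc/<pid>/maps; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running with a pre-update OpenSSL.
# When a package update replaces a shared library, the old file is unlinked
# and any process that has not been restarted keeps it mapped; the kernel
# then shows that mapping with a trailing "(deleted)" in /proc/<pid>/maps.

# Read maps-format text on stdin; print each stale libssl/libcrypto path once.
stale_openssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' |
        sort -u
}

# Walk /proc and print "pid <TAB> command <TAB> stale libraries" per process.
# Run as root to see every process; unreadable entries are skipped.
scan_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale=$(stale_openssl_maps < "$maps" 2>/dev/null)
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "$comm" "$(printf '%s' "$stale" | tr '\n' ' ')"
    done
}

# Constructed sample of /proc/<pid>/maps for a daemon that was not restarted.
sample_maps() {
    cat <<'EOF'
7f1c2a000000-7f1c2a07e000 r-xp 00000000 fd:00 1234 /usr/lib64/libssl.so.1.1.1g (deleted)
7f1c2a400000-7f1c2a6b0000 r-xp 00000000 fd:00 1235 /usr/lib64/libcrypto.so.1.1.1g (deleted)
7f1c2a6b0000-7f1c2a6e0000 r--p 002b0000 fd:00 1235 /usr/lib64/libcrypto.so.1.1.1g (deleted)
7f1c2b000000-7f1c2b1c0000 r-xp 00000000 fd:00 2001 /usr/lib64/libc-2.28.so
7f1c2c000000-7f1c2c001000 rw-p 00000000 fd:00 3001 /tmp/cache.bin (deleted)
EOF
}

# Constructed sample for a process restarted after the update.
sample_maps_clean() {
    cat <<'EOF'
7f1c2a000000-7f1c2a07e000 r-xp 00000000 fd:00 4321 /usr/lib64/libssl.so.1.1.1g
7f1c2b000000-7f1c2b1c0000 r-xp 00000000 fd:00 2001 /usr/lib64/libc-2.28.so
EOF
}

# Scan the live system only when asked to: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_processes
fi
```

Every process the scan reports needs a restart (or the host a reboot) before it runs the fixed library; an empty result means no running process still maps the old libssl or libcrypto.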