-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: openssl-container security update Advisory ID: RHSA-2022:7384-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7384 Issue date: 2022-11-02 CVE Names: CVE-2022-3602 CVE-2022-3786 ==================================================================== 1. Summary: An update for openssl-container is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The ubi9/openssl image provides provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Using the OpenSSL tool, you can generate private keys, create certificate signing requests (CSRs), and display certificate information. This updates the ubi9/openssl image in the Red Hat Container Registry. To pull this container image, run one of the following commands: podman pull registry.redhat.io/rhel9/openssl (authenticated) podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated) Security Fix(es): * OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Bugs fixed (https://bugzilla.redhat.com/): 2134869 - rebuild of openssl-container 9.0 2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow 5. References: https://access.redhat.com/security/cve/CVE-2022-3602 https://access.redhat.com/security/cve/CVE-2022-3786 https://access.redhat.com/security/updates/classification/#critical https://catalog.redhat.com/software/containers/search https://access.redhat.com/security/vulnerabilities/RHSB-2022-004 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2MRgtzjgjWX9erEAQgHMBAAgjuU0cGu47ptVYHjuJHUUBIrQaAjqcwW MffMcu54pXHcKaFi0FV7moAJ5mawQWAamunMaleKScdinaYMk9W8RtLg8jO9flpm vN1tTVvIyoSQ9KKe/1jde37VbtkNL5FmV9uWfMCL55qqF4FL0a6zFLbPDjWXaxh9 UvXds0G1JqUkHnSCrxIMP9UJrTvMQRxI06BfBkstMbfdUd26gfmcyTux9IyVZQnc YKnDaYKsMGmy+iX1Fe7FlfnAyA04MEVsqCa82MbD47TDRmFtrkurZO0R71MDGVVZ 75AnDX+Z5o6Z7tZcmXWdz67aEZ4ApPVqvRjtd7D8LDGfJCDZC0HTS0cvUozJOqsL cl3owpI3Kj+bx8S+dtfjgRfMNXU4IRl4T+qSTBwE1jEY/s44NvJjGYDBGUqneUtF V7Hv7JkApSgx5OxLz2zK75DiGqL9fD/qpNHhj73KHWvvSKvNEGlmkIWWF1wkC5XO Z/Ld5Q/FW9bchkQwxEJuxykzukzn2m6xUqVKjfB4ErhCBfoqredYY7jcNLYJcgOU BNaR9kH1kRRp2F55QmA03dxU6FPn4N1CoOHJsrxvF4lIXkrgCzu9QTVPqOONSg+i dQJYzvrv9r7E0AT7iSOzlBj3VUZqL3NktNb+4fOY9RwgRMdkBBi0ofykujSXeI2S 8OZlzBFtsPA=1WnU -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce