Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1073: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-03-28

Updated:

2022-03-28

RHSA-2022:1073 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: openssl security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openssl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM

openssl-1.0.1e-60.el6_10.src.rpm

SHA-256: 933ba2e5958c7155974f670cf2e6b455a832c61d98363bdeda2ea672ce2cd46a

x86_64

openssl-1.0.1e-60.el6_10.i686.rpm

SHA-256: 781bea1e68d5c3f615686c9123a6091389a05e3666b3b8420b4cc1d3ec5f2de2

openssl-1.0.1e-60.el6_10.x86_64.rpm

SHA-256: 970d2fd0aebe4602ce21a102673a3a3950267d433f7c903c39d10c8935661890

openssl-debuginfo-1.0.1e-60.el6_10.i686.rpm

SHA-256: ac715a329299f559e65f531529a787ddd5c65392f9189f483c90d11aa405ffba

openssl-debuginfo-1.0.1e-60.el6_10.x86_64.rpm

SHA-256: 8c25775657a44a2298317ec88e8e98e9be4f554c7d1fe1c7d67a1cc56567224e

openssl-debuginfo-1.0.1e-60.el6_10.x86_64.rpm

SHA-256: 8c25775657a44a2298317ec88e8e98e9be4f554c7d1fe1c7d67a1cc56567224e

openssl-devel-1.0.1e-60.el6_10.i686.rpm

SHA-256: 1051405b1c8a3e8c84cfaa43faa3b31675224e22ab891892cce58f508214b8fc

openssl-devel-1.0.1e-60.el6_10.x86_64.rpm

SHA-256: e3065b6fc53c1083480c229df0667a6c8b11b6640da1b6f2374a5eb3e85457c8

openssl-perl-1.0.1e-60.el6_10.x86_64.rpm

SHA-256: 3705b01395ef746ceecba4908e856121113594ff9b6ad28f5aa95831d21a10c4

openssl-static-1.0.1e-60.el6_10.x86_64.rpm

SHA-256: a6e0b48053478ca4682b4ef92232b7853f91f165114bd2573acb1819b0c64ef2

i386

openssl-1.0.1e-60.el6_10.i686.rpm

SHA-256: 781bea1e68d5c3f615686c9123a6091389a05e3666b3b8420b4cc1d3ec5f2de2

openssl-debuginfo-1.0.1e-60.el6_10.i686.rpm

SHA-256: ac715a329299f559e65f531529a787ddd5c65392f9189f483c90d11aa405ffba

openssl-debuginfo-1.0.1e-60.el6_10.i686.rpm

SHA-256: ac715a329299f559e65f531529a787ddd5c65392f9189f483c90d11aa405ffba

openssl-devel-1.0.1e-60.el6_10.i686.rpm

SHA-256: 1051405b1c8a3e8c84cfaa43faa3b31675224e22ab891892cce58f508214b8fc

openssl-perl-1.0.1e-60.el6_10.i686.rpm

SHA-256: 6f256e1d0491ab42e738d56fe3836773f1dacf52fc94a95f2c2c25918ad09065

openssl-static-1.0.1e-60.el6_10.i686.rpm

SHA-256: 6552c02fd5d762108cc2b5cdac4fa2da94dc8a7025b0fb55da75174f308d3ec0

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM

openssl-1.0.1e-60.el6_10.src.rpm

SHA-256: 933ba2e5958c7155974f670cf2e6b455a832c61d98363bdeda2ea672ce2cd46a

s390x

openssl-1.0.1e-60.el6_10.s390.rpm

SHA-256: 8f664110ef743f5c91358e7970ed2416f4900a977d1005d486c50b3b0894d60b

openssl-1.0.1e-60.el6_10.s390x.rpm

SHA-256: b3c1a7e2dd5422ca815b48e91b2c7f06387c92a4d61661abd2c955a852faad1d

openssl-debuginfo-1.0.1e-60.el6_10.s390.rpm

SHA-256: e22d491d184c699282afb9230f277245d7cc237ef582c0c3a6f5025a2be1a60c

openssl-debuginfo-1.0.1e-60.el6_10.s390x.rpm

SHA-256: af780a193a3869d46a3e7e1c1380a3ccdaa93379739e842db12c379bef50d0db

openssl-debuginfo-1.0.1e-60.el6_10.s390x.rpm

SHA-256: af780a193a3869d46a3e7e1c1380a3ccdaa93379739e842db12c379bef50d0db

openssl-devel-1.0.1e-60.el6_10.s390.rpm

SHA-256: acdf726c9566833f7ccc30b46e8d2861fe180efdfd89b3d6686676f2ac31419d

openssl-devel-1.0.1e-60.el6_10.s390x.rpm

SHA-256: b1449bc810d0acd86520c0df7c9a0ca7565320bae0f6f5f8591df3f1ac16773e

openssl-perl-1.0.1e-60.el6_10.s390x.rpm

SHA-256: c087df94349b8ad989b626f55f07a237627f38756d3d5705614d5c657e48fb77

openssl-static-1.0.1e-60.el6_10.s390x.rpm

SHA-256: 85239bb7fa1e71a5e39cd15583515ca184abdd8fee02f105681b3ee297ab367a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data