RHSA-2022:1065: Red Hat Security Advisory: openssl security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-03-28

Updated:

2022-03-28

RHSA-2022:1065 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: openssl security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openssl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

• openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Red Hat Enterprise Linux for x86_64 8

SRPM

openssl-1.1.1k-6.el8_5.src.rpm

SHA-256: 3baa0c947311729e692107681541d1b249545a0c5f63928f55c6c36c1555c0bd

x86_64

openssl-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: 18b729cdb8626a4f7e4dd96099515c51f3f1c5d828c6c63f49d295741a49c175

openssl-debuginfo-1.1.1k-6.el8_5.i686.rpm

SHA-256: adc44360d042800ae99537f5fa590ec3f9089b4d08578f8c35b9f699e0e68798

openssl-debuginfo-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: a8f9a3afe13f08b95ec70a366d5c5ede80848f197648ff023d5d1cdac3734562

openssl-debugsource-1.1.1k-6.el8_5.i686.rpm

SHA-256: 6b96474748606fb10bc7146eab2439eeeac21d46d8c3b94028b5189117e869a2

openssl-debugsource-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: 4ad9cc699da342f49676b98181f93c2db9064d78d6a09593ecf28015fecabf27

openssl-devel-1.1.1k-6.el8_5.i686.rpm

SHA-256: 8974372050a118e88e85abc36afc090c478a26127fd60edc861f1bd79d6cc22b

openssl-devel-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: 36a5565360823d23661379604f49584198b293b25fca3770c210ccc310f3ee53

openssl-libs-1.1.1k-6.el8_5.i686.rpm

SHA-256: c27aa87c0b979dcc9bb6f3aa4c091d7f0b151af54e35b0b6788ad82069c07b2c

openssl-libs-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: 400333a8506f822ffb17a00a1a6713b4a37e5750b5ce4dfd8e06fbf33cc7df55

openssl-libs-debuginfo-1.1.1k-6.el8_5.i686.rpm

SHA-256: afdd40bba818e391bbabdf12d12a546fef675e5a3f70bd188fe0e7e9bf15e6e3

openssl-libs-debuginfo-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: 0e9e80d25693f8da89a9656bb9c569a71e0815cc3c56e6a336b912aa90ff4ca5

openssl-perl-1.1.1k-6.el8_5.x86_64.rpm

SHA-256: 0a20476f5ae7d3e1ab1667f8c2bdf22cf4f004e6cf30777c247c6c453ba8eaa0

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

openssl-1.1.1k-6.el8_5.src.rpm

SHA-256: 3baa0c947311729e692107681541d1b249545a0c5f63928f55c6c36c1555c0bd

s390x

openssl-1.1.1k-6.el8_5.s390x.rpm

SHA-256: 256b15609033c958ddadfd102e0a192f65124cd621ade0002690c233845fad37

openssl-debuginfo-1.1.1k-6.el8_5.s390x.rpm

SHA-256: 365924aed773d4b90ca34eb4bf7c8fa24ac485dd993212e877a54aa63589fa09

openssl-debugsource-1.1.1k-6.el8_5.s390x.rpm

SHA-256: 1bc57f1f41e92bf92f4f0720783f6c68d3e21326ced44bc711bbc5255ec86061

openssl-devel-1.1.1k-6.el8_5.s390x.rpm

SHA-256: 7b1f6039ddc24f1a871640859cafc9029515b90b2cf76404c4f33d87d2d1dcc7

openssl-libs-1.1.1k-6.el8_5.s390x.rpm

SHA-256: 861a0b33d0f6c6a80f1514bdb3b3d516caf26bf6d943159ae1551e8f02cf4a2c

openssl-libs-debuginfo-1.1.1k-6.el8_5.s390x.rpm

SHA-256: 41679974b4e9a764a816db22c34a5ab19ee8258d0a4ba2cc05f70b67671f023d

openssl-perl-1.1.1k-6.el8_5.s390x.rpm

SHA-256: bf5fa17c7fd88ccb072faf84f5b49c526e795ee9b5d87b550426609d032fca9e

Red Hat Enterprise Linux for Power, little endian 8

SRPM

openssl-1.1.1k-6.el8_5.src.rpm

SHA-256: 3baa0c947311729e692107681541d1b249545a0c5f63928f55c6c36c1555c0bd

ppc64le

openssl-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: 785a86782bf2ff2578679f5ab1230c0aca05f6045cdfe837d5e2cc6382f3e5f4

openssl-debuginfo-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: 094f33408520f7f2ad058180abc4873f9c161c4b0c6c241f676a96dc232da1fc

openssl-debugsource-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: 0ea2f0a17c7b354a37c26a920a97b81a3cb8da0d80cb08aac5b6dfb9709dc640

openssl-devel-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: 26356708f346133a6c8d4e068f288a38a551923ddd15f5356c546ea50dac4080

openssl-libs-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: c68b98d8addefb1937339c6dbfded251a94bebba9da4dcdabd8ebf801e255871

openssl-libs-debuginfo-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: 392b94fa4585f24e06687863edfb0f84079a60f98d8475a9ef2b96ad8d1ce9f0

openssl-perl-1.1.1k-6.el8_5.ppc64le.rpm

SHA-256: b36b501db6da0f676e4d643992deab8581490c8aafdfbdf278e6f46234c6cff1

Red Hat Enterprise Linux for ARM 64 8

SRPM

openssl-1.1.1k-6.el8_5.src.rpm

SHA-256: 3baa0c947311729e692107681541d1b249545a0c5f63928f55c6c36c1555c0bd

aarch64

openssl-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: 91c7787a1e04b3acb0f93fc98427ef76daa1fa3fc6cc66c31c086e759e68a557

openssl-debuginfo-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: b91605dab0eb97d035fe29d967aeccc2e9340000104633e1a2d8cee5ff204fa6

openssl-debugsource-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: 826416f237effcabfcb250a5b09d6a06cec0959c2ea6a6e4cf83a3ea70c2cf27

openssl-devel-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: 0a46323eaaf33fd75061d7ee5f92490866235fbfcb018c0f68e19dd296d25178

openssl-libs-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: 81f340a57043aee342d58b4b383c440492f5fa51e473a7e8e497c02075f79060

openssl-libs-debuginfo-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: fdaf3a491cde2d8676ea2e5e027d24bfce89d06948565210f4b5e18c19b769d3

openssl-perl-1.1.1k-6.el8_5.aarch64.rpm

SHA-256: 61778826e68926ff480e1f3955ce34d1eec3c7d1eda47f04c445f46d4207cf00

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.