- Issued:
- 2025-11-11
- Updated:
- 2025-11-11
RHBA-2025:20119 - Bug Fix Advisory
Synopsis
openssl and openssl-fips-provider bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for multiple packages is now available for Red Hat Enterprise Linux 10.
Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64
Fixes
- RHEL-80811 - Rebase OpenSSL to 3.5
- RHEL-83990 - Remove config_diagnostics=1 from openssl.conf
- RHEL-88906 - NO-ENFORCE-EMS no longer works after rebase to 3.5
- RHEL-88908 - Openssl speed reports error in FIPS mode
- RHEL-88911 - pkeyutl ecdsa sha1 digest is allowed after rebase
- RHEL-88913 - Expose settable params
- RHEL-89137 - Backport patches from upstream OpenSSL
- RHEL-90853 - Enable sslkeylogfile support
- RHEL-93168 - UEFI build fails on duplicate function definition
- RHEL-94614 - Make hybrid MLKEM work with our FIPS provider (3.0.7)
- RHEL-82676 - Describe key conversion from oqsprovider into a standard format
- RHEL-72719 - oqsprovider stores ML-KEM and ML-DSA private keys in non-standard format
- RHEL-47338 - ? syntax for optional names doesn't work in FIPS mode
- RHEL-94305 - Build fails on unused variable error
- RHEL-95613 - keep SLH-DSA self-tests disabled in FIPS mode
- RHEL-97796 - Change config_diagnostics comment to make sense again
CVEs
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 10
| SRPM | |
|---|---|
| openssl-3.5.1-3.el10.src.rpm | SHA-256: f3c9c918b6479fdc5c631d5988e7d1e08123f3323c86f2b0abdcf5b6b1337047 |
| openssl-fips-provider-3.0.7-8.el10.src.rpm | SHA-256: d6d8559e0b79b6291325154e5561394cc59f7c5caa90b8df735dbc3e73feee4a |
| x86_64 | |
| openssl-3.5.1-3.el10.x86_64.rpm | SHA-256: f47096304d4014288199c972700e62edfa4169e535c8e6ff5a57e91f9b3d531a |
| openssl-debuginfo-3.5.1-3.el10.x86_64.rpm | SHA-256: d1ff6ca653e9572cf5ad094694f1c9e1f0270de270f2dcd54285364afb20b7be |
| openssl-debuginfo-3.5.1-3.el10.x86_64.rpm | SHA-256: d1ff6ca653e9572cf5ad094694f1c9e1f0270de270f2dcd54285364afb20b7be |
| openssl-debugsource-3.5.1-3.el10.x86_64.rpm | SHA-256: 148a99cc00780e0ca57797a84f4e43833a9cfb5973fd03b89089246dac8d886c |
| openssl-debugsource-3.5.1-3.el10.x86_64.rpm | SHA-256: 148a99cc00780e0ca57797a84f4e43833a9cfb5973fd03b89089246dac8d886c |
| openssl-devel-3.5.1-3.el10.x86_64.rpm | SHA-256: 02bb710b041c1ef08e020cea6eded9c90b8794ae5929957bc7b18d19cc729ac6 |
| openssl-fips-provider-3.0.7-8.el10.x86_64.rpm | SHA-256: 65a8c1f004534187d0c017f90673c2cac9a9b8e4ee66ac756e7d6b569405dbde |
| openssl-fips-provider-so-3.0.7-8.el10.x86_64.rpm | SHA-256: eb05e457e3dd598c73f40dd7d08aa974e587e70d3ed04c35e62c269b79533a14 |
| openssl-fips-provider-so-debuginfo-3.0.7-8.el10.x86_64.rpm | SHA-256: 40430cc1aed58f58fa7009967f90e3b6dc230dfce518186c5ec55688769c4976 |
| openssl-fips-provider-so-debugsource-3.0.7-8.el10.x86_64.rpm | SHA-256: a804c7bf9350a14a78d17d11c13373ee7d0f48923c2879bda324cf033e2e0b24 |
| openssl-libs-3.5.1-3.el10.x86_64.rpm | SHA-256: b99245931c2efb2787fe4e28b1763b36190f2fac529125c59cde55becbba6ba1 |
| openssl-libs-debuginfo-3.5.1-3.el10.x86_64.rpm | SHA-256: 496c2fa53005567681b769d47b99612a1bd0b45517fd973d9c03b692d7a95eef |
| openssl-libs-debuginfo-3.5.1-3.el10.x86_64.rpm | SHA-256: 496c2fa53005567681b769d47b99612a1bd0b45517fd973d9c03b692d7a95eef |
| openssl-perl-3.5.1-3.el10.x86_64.rpm | SHA-256: 1294d3433cad0ecb8e291bc76df5c837e17de1858f3abe48ca488a5a9d5aa1b8 |
Red Hat Enterprise Linux for IBM z Systems 10
| SRPM | |
|---|---|
| openssl-3.5.1-3.el10.src.rpm | SHA-256: f3c9c918b6479fdc5c631d5988e7d1e08123f3323c86f2b0abdcf5b6b1337047 |
| openssl-fips-provider-3.0.7-8.el10.src.rpm | SHA-256: d6d8559e0b79b6291325154e5561394cc59f7c5caa90b8df735dbc3e73feee4a |
| s390x | |
| openssl-3.5.1-3.el10.s390x.rpm | SHA-256: ab2b557f32ceb08215ea6790d56a4b2104aa6b4719c2aad1f65272c7378c7523 |
| openssl-debuginfo-3.5.1-3.el10.s390x.rpm | SHA-256: 5284685c716b2ca2b2070ee13eb1f4c0f881394f76351d8574ce6a5cccea811d |
| openssl-debuginfo-3.5.1-3.el10.s390x.rpm | SHA-256: 5284685c716b2ca2b2070ee13eb1f4c0f881394f76351d8574ce6a5cccea811d |
| openssl-debugsource-3.5.1-3.el10.s390x.rpm | SHA-256: 1d3396cf9d2574f4314652c4295934983caea1aee1bc94c55d4e24117d2b8de7 |
| openssl-debugsource-3.5.1-3.el10.s390x.rpm | SHA-256: 1d3396cf9d2574f4314652c4295934983caea1aee1bc94c55d4e24117d2b8de7 |
| openssl-devel-3.5.1-3.el10.s390x.rpm | SHA-256: e167e751f6c3bcd6955f94a71cdf1d523f6dcb8337f6241085efc289ad7583f6 |
| openssl-fips-provider-3.0.7-8.el10.s390x.rpm | SHA-256: 0f733d876c271756b308ef958f5461017a5d08c5b61a3207bf9551cd34f76a08 |
| openssl-fips-provider-so-3.0.7-8.el10.s390x.rpm | SHA-256: 4ee3bd6c60742c1d6e58a91164fbaf9f8ec4e6075b9701bd2c61eaa9496326a5 |
| openssl-fips-provider-so-debuginfo-3.0.7-8.el10.s390x.rpm | SHA-256: 67723e9ff1187fb8d1ba599511cab856970912c8cc4be1455b0dc9449c5380d5 |
| openssl-fips-provider-so-debugsource-3.0.7-8.el10.s390x.rpm | SHA-256: 77b15fb21cb9307bf3f1e3ad2c32cdbd810bec474b126044ef5c73546742be83 |
| openssl-libs-3.5.1-3.el10.s390x.rpm | SHA-256: c542acd2fe59d044cf16f2b6faebab6a1724a9a8fe668e1818ab8a9f68fb56fc |
| openssl-libs-debuginfo-3.5.1-3.el10.s390x.rpm | SHA-256: 9bb310d9de94de8459f3e937b7a96bc03483caa0ddd6fbc17b7b2071cded70b4 |
| openssl-libs-debuginfo-3.5.1-3.el10.s390x.rpm | SHA-256: 9bb310d9de94de8459f3e937b7a96bc03483caa0ddd6fbc17b7b2071cded70b4 |
| openssl-perl-3.5.1-3.el10.s390x.rpm | SHA-256: fd2443ef7bde7a6692aac8e38c46c0f5913e91346ccab877d6ee18bfbf9fa468 |
Red Hat Enterprise Linux for Power, little endian 10
| SRPM | |
|---|---|
| openssl-3.5.1-3.el10.src.rpm | SHA-256: f3c9c918b6479fdc5c631d5988e7d1e08123f3323c86f2b0abdcf5b6b1337047 |
| openssl-fips-provider-3.0.7-8.el10.src.rpm | SHA-256: d6d8559e0b79b6291325154e5561394cc59f7c5caa90b8df735dbc3e73feee4a |
| ppc64le | |
| openssl-3.5.1-3.el10.ppc64le.rpm | SHA-256: 9af46474dc3107d9c13ab5f97d4aef01d3d584098ea80eb3b33a1bf0561de593 |
| openssl-debuginfo-3.5.1-3.el10.ppc64le.rpm | SHA-256: 0491fe2e8a38ffdd887ca23166525954c1d2321317faacf60dbc65b3f642adef |
| openssl-debuginfo-3.5.1-3.el10.ppc64le.rpm | SHA-256: 0491fe2e8a38ffdd887ca23166525954c1d2321317faacf60dbc65b3f642adef |
| openssl-debugsource-3.5.1-3.el10.ppc64le.rpm | SHA-256: 3c2f81741eae8db84284487cb47043348539ebe155ff6864903fb9e8da7eb146 |
| openssl-debugsource-3.5.1-3.el10.ppc64le.rpm | SHA-256: 3c2f81741eae8db84284487cb47043348539ebe155ff6864903fb9e8da7eb146 |
| openssl-devel-3.5.1-3.el10.ppc64le.rpm | SHA-256: 31ba616a81c6918d05823a20a1a5e6c5cdf53eb1d2633c89960fa306392e73c6 |
| openssl-fips-provider-3.0.7-8.el10.ppc64le.rpm | SHA-256: 2182c364e15ead36078e7ebc1e6d444e65076741f50a6f3f708978c6369884f9 |
| openssl-fips-provider-so-3.0.7-8.el10.ppc64le.rpm | SHA-256: 87f73121329af9728ae723395010dc455bd929e409cf8cae016265175dcde37d |
| openssl-fips-provider-so-debuginfo-3.0.7-8.el10.ppc64le.rpm | SHA-256: c845a28c199f89480cbe909cd39b9688fe908c8a52cfefc2a0f03522a8ed87f4 |
| openssl-fips-provider-so-debugsource-3.0.7-8.el10.ppc64le.rpm | SHA-256: 81ce465129656f4d292c988837c40450cd98e731c968a217350bef917b44d1d2 |
| openssl-libs-3.5.1-3.el10.ppc64le.rpm | SHA-256: ebf5ddf342cf9dd86f9e8861e2c8fdd041c866c766010c5bafa9e21073379556 |
| openssl-libs-debuginfo-3.5.1-3.el10.ppc64le.rpm | SHA-256: ffde7a2ae440e7c2e8f8d6ebedbf3f827992ec5ebdc73727ed40c4af16091d86 |
| openssl-libs-debuginfo-3.5.1-3.el10.ppc64le.rpm | SHA-256: ffde7a2ae440e7c2e8f8d6ebedbf3f827992ec5ebdc73727ed40c4af16091d86 |
| openssl-perl-3.5.1-3.el10.ppc64le.rpm | SHA-256: 19bd3fdc1ef5897d85114e560588025e72e83ecaf1c041f52f1d1b5f4e15aa5d |
Red Hat Enterprise Linux for ARM 64 10
| SRPM | |
|---|---|
| openssl-3.5.1-3.el10.src.rpm | SHA-256: f3c9c918b6479fdc5c631d5988e7d1e08123f3323c86f2b0abdcf5b6b1337047 |
| openssl-fips-provider-3.0.7-8.el10.src.rpm | SHA-256: d6d8559e0b79b6291325154e5561394cc59f7c5caa90b8df735dbc3e73feee4a |
| aarch64 | |
| openssl-3.5.1-3.el10.aarch64.rpm | SHA-256: 576e1ef8beee402d4fad2e1f7d5db98645632d5f7940a3cc8d1ba7d419a2bef5 |
| openssl-debuginfo-3.5.1-3.el10.aarch64.rpm | SHA-256: 743020072f57c8140de037aabd401925c067b6e5394528dca09974ce730fe44f |
| openssl-debuginfo-3.5.1-3.el10.aarch64.rpm | SHA-256: 743020072f57c8140de037aabd401925c067b6e5394528dca09974ce730fe44f |
| openssl-debugsource-3.5.1-3.el10.aarch64.rpm | SHA-256: 14ec93bd9e57f469111a37a91b1b37ae11e41783d95d0d4e2f32c5cc672b05b8 |
| openssl-debugsource-3.5.1-3.el10.aarch64.rpm | SHA-256: 14ec93bd9e57f469111a37a91b1b37ae11e41783d95d0d4e2f32c5cc672b05b8 |
| openssl-devel-3.5.1-3.el10.aarch64.rpm | SHA-256: de5d1abff58b3f86e8411fb633f30cc85b42aee1d1e835c8806fe3ccd0d9bcb8 |
| openssl-fips-provider-3.0.7-8.el10.aarch64.rpm | SHA-256: 636a9b49f220ec6cc4abcd44bde22d5f8ada4e0dfd5966078677663c8dd4bd63 |
| openssl-fips-provider-so-3.0.7-8.el10.aarch64.rpm | SHA-256: 91008bd4ec4a4d4a27d7c2619793c6de8f77723d5db071b3c91ed0e2ee166451 |
| openssl-fips-provider-so-debuginfo-3.0.7-8.el10.aarch64.rpm | SHA-256: a4b2b6073f77bd5f8f489d3c7a5dde85517618ed9f1068499e1ac9377d2687ee |
| openssl-fips-provider-so-debugsource-3.0.7-8.el10.aarch64.rpm | SHA-256: e8744090bbceb6dd52fbaed523a97234583c2339b34dd9bdce33d3a6e1266e09 |
| openssl-libs-3.5.1-3.el10.aarch64.rpm | SHA-256: 414736574cfc56c28f5c01a2de3133df370a37d23d068b4a593efa8965d84e44 |
| openssl-libs-debuginfo-3.5.1-3.el10.aarch64.rpm | SHA-256: dc2753ee3b96031f3cb40656acbd233f230ce7ca4f765714151e4ce5d2b51055 |
| openssl-libs-debuginfo-3.5.1-3.el10.aarch64.rpm | SHA-256: dc2753ee3b96031f3cb40656acbd233f230ce7ca4f765714151e4ce5d2b51055 |
| openssl-perl-3.5.1-3.el10.aarch64.rpm | SHA-256: 5bcf09b159ddbc2a7e51aaa73d766cca47b961b1ab0a6f9d18d767f96f32058f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
