- Issued:
- 2022-06-02
- Updated:
- 2022-06-03
RHSA-2022:4899 - Security Advisory
Synopsis
Important: compat-openssl11 security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.
Security Fix(es):
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- compat-openssl11 breaks in FIPS (BZ#2091968)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 9
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| x86_64 | |
| compat-openssl11-1.1.1k-4.el9_0.i686.rpm | SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350 |
| compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm | SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm | SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| x86_64 | |
| compat-openssl11-1.1.1k-4.el9_0.i686.rpm | SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350 |
| compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm | SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm | SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| s390x | |
| compat-openssl11-1.1.1k-4.el9_0.s390x.rpm | SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm | SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm | SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| s390x | |
| compat-openssl11-1.1.1k-4.el9_0.s390x.rpm | SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm | SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm | SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0 |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| ppc64le | |
| compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| ppc64le | |
| compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| aarch64 | |
| compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| aarch64 | |
| compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| ppc64le | |
| compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 3e193e2ae5b59d9f1601b20110a94af1055df7fbfa7b58406f22daf97ffe3ef4 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 7d615750d2eccf49e6f26c2d5d8b3ce1364cf62aad4342b63161a0c32d210131 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm | SHA-256: 4a5117e1d64eb116d287d5052996d92ac351270a356cb1e533d84468aadc6797 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| x86_64 | |
| compat-openssl11-1.1.1k-4.el9_0.i686.rpm | SHA-256: eb12cd6970549beb6d96602ef534b5fb6c33f33f90dc3ea75c7a379719d36350 |
| compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: b003f71a0c1685a9eba34932f4947089dfe8e36fbabddb04b6f1f67057dca265 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm | SHA-256: fcac467caec1f28aa9dcf9faf73dc8f320d141d9a9096b9f0f8aa22488bbe193 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: 7aba20e90bbe0895b5540f74898b2e86b076db5a53c40362cd54e41aaa3cc6d9 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm | SHA-256: afeb4f436cbc6db1f87fe636d0a15917458bd934d916e64c61dedd7db8854df2 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm | SHA-256: dc8d6f0bcd9433bcea20a177dbaf30e43a31e5badadcfb7bebb390ccff94681a |
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| aarch64 | |
| compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: a3efa801904cbe9c9bb8daf8c8721d3f8c3dd2280cea2308bbd52a0a0b8081a3 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: d84ec1881d39eb44ff94ade972c58d4c032dfae1ac5efc0732e2727db315f471 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm | SHA-256: 50189828dc73e1af170e7eb64dbd6d0dc8bdf2c3c325284fc11187df8b0687b1 |
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
| SRPM | |
|---|---|
| compat-openssl11-1.1.1k-4.el9_0.src.rpm | SHA-256: fd82b7ead5fbb542fda1d008c8abde244f255f071970fc4e49231f1111d0dba7 |
| s390x | |
| compat-openssl11-1.1.1k-4.el9_0.s390x.rpm | SHA-256: 2ecf0f8f5675afd8aa9af818918d8f3f1f6522e60bf52b26f64bfa5687995e17 |
| compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm | SHA-256: bd89804c192436a04402d167952fde9fae45d0a7ce9793ef641cac6102f88d74 |
| compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm | SHA-256: 067c8f573d34f05feb60c1242d29fecea2eb839298f680b7f337b9d55217d5d0 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.