--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2022-e05ac11f9b
2022-07-31 00:48:20.349570
--------------------------------------------------------------------------------
Name : openssl11
Product : Fedora EPEL 7
Version : 1.1.1k
Release : 4.el7
URL : http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS
implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
--------------------------------------------------------------------------------
Update Information:
- backport from 1.1.1k-7: CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
- backport from 1.1.1k-7: Update expired certificates used in the testsuite
  Resolves: rhbz#2100554
- backport from 1.1.1k-7: CVE-2022-1292: openssl: c_rehash script allows command injection
  Resolves: rhbz#2090371
- backport from 1.1.1k-7: CVE-2022-2068: the c_rehash script allows command injection
  Resolves: rhbz#2098278
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Robert Scheck <robert(a)fedoraproject.org> 1.1.1k-4
- backport from 1.1.1k-7: CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
- backport from 1.1.1k-7: Update expired certificates used in the testsuite
  Resolves: rhbz#2100554
- backport from 1.1.1k-7: CVE-2022-1292: openssl: c_rehash script allows command injection
  Resolves: rhbz#2090371
- backport from 1.1.1k-7: CVE-2022-2068: the c_rehash script allows command injection
  Resolves: rhbz#2098278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
[ 2 ] Bug #2097310 - CVE-2022-2068 openssl: the c_rehash script allows command
injection
https://bugzilla.redhat.com/show_bug.cgi?id=2097310
[ 3 ] Bug #2104905 - CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes
https://bugzilla.redhat.com/show_bug.cgi?id=2104905
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update openssl11' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------