Red Hat: RHSA-2022-7385-01 High: OpenSSL-Container Security Flaw

November 2, 2022
An update for openssl-container is now available for Red Hat Enterprise Linux 9

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
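One way to confirm the restart step above on a Linux host, shown as an added example that is not part of the Red Hat advisory: a process that loaded libssl or libcrypto before the update keeps the replaced file mapped, and /proc/PID/maps marks it "(deleted)". The function name stale_openssl_procs and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# replaced OpenSSL shared library and therefore still need a restart.
# Assumption: Linux /proc layout. The proc root is a parameter so the
# function can also be pointed at a constructed directory tree.

stale_openssl_procs() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        # Skip unmatched globs, exited processes and unreadable entries.
        [ -r "$maps" ] || continue
        # After the package update unlinks the old file, the mapping path
        # ends in " (deleted)" until the process is restarted.
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            name=$(cat "$dir/comm" 2>/dev/null) || name='?'
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done | sort -n
}

# Print "PID COMMAND" for each process still on the old library.
# Run as root to see every process; no output means nothing is pending.
stale_openssl_procs "${1:-/proc}"
```

For containers started from the ubi9/openssl image, this check applies inside the container's process namespace; the container still has to be recreated from the updated image.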

Summary

The ubi9/openssl image provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Using the OpenSSL tool, you can generate private keys, create certificate signing requests (CSRs), and display certificate information.
This updates the ubi9/openssl image in the Red Hat Container Registry.
To pull this container image, run one of the following commands:
podman pull registry.redhat.io/rhel9/openssl (authenticated)
podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)
Security Fix(es):
* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2022-3602
https://access.redhat.com/security/cve/CVE-2022-3786
https://access.redhat.com/security/updates/classification#critical
https://catalog.redhat.com/en/search
https://access.redhat.com/security/vulnerabilities/RHSB-2022-004

Package List


Severity
critical

Advisory ID: RHSA-2022:7384-01
Product: Red Hat Enterprise Linux
Issue date: 2022-11-02

Topic

An update for openssl-container is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2134869 - rebuild of openssl-container 9.0

2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
