[RHSA-2020:4514-01] Low: openssl security, bug fix, and enhancement update

Security announcements for all Red Hat products and services. rhsa-announce at redhat.com
Wed Nov 4 04:48:34 UTC 2020 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openssl security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4514-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4514
Issue date:        2020-11-03
CVE Names:         CVE-2019-1551 
=====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

The following packages have been upgraded to a later upstream version:
openssl (1.1.1g). (BZ#1817593)

Security Fix(es):

* openssl: Integer overflow in RSAZ modular exponentiation on x86_64
(CVE-2019-1551)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1780995 - CVE-2019-1551 openssl: Integer overflow in RSAZ modular exponentiation on x86_64
1844607 - OpenSSL will use unsafe FFDH primes with 2048 bit RSA keys

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
openssl-1.1.1g-11.el8.src.rpm

aarch64:
openssl-1.1.1g-11.el8.aarch64.rpm
openssl-debuginfo-1.1.1g-11.el8.aarch64.rpm
openssl-debugsource-1.1.1g-11.el8.aarch64.rpm
openssl-devel-1.1.1g-11.el8.aarch64.rpm
openssl-libs-1.1.1g-11.el8.aarch64.rpm
openssl-libs-debuginfo-1.1.1g-11.el8.aarch64.rpm
openssl-perl-1.1.1g-11.el8.aarch64.rpm

ppc64le:
openssl-1.1.1g-11.el8.ppc64le.rpm
openssl-debuginfo-1.1.1g-11.el8.ppc64le.rpm
openssl-debugsource-1.1.1g-11.el8.ppc64le.rpm
openssl-devel-1.1.1g-11.el8.ppc64le.rpm
openssl-libs-1.1.1g-11.el8.ppc64le.rpm
openssl-libs-debuginfo-1.1.1g-11.el8.ppc64le.rpm
openssl-perl-1.1.1g-11.el8.ppc64le.rpm

s390x:
openssl-1.1.1g-11.el8.s390x.rpm
openssl-debuginfo-1.1.1g-11.el8.s390x.rpm
openssl-debugsource-1.1.1g-11.el8.s390x.rpm
openssl-devel-1.1.1g-11.el8.s390x.rpm
openssl-libs-1.1.1g-11.el8.s390x.rpm
openssl-libs-debuginfo-1.1.1g-11.el8.s390x.rpm
openssl-perl-1.1.1g-11.el8.s390x.rpm

x86_64:
openssl-1.1.1g-11.el8.x86_64.rpm
openssl-debuginfo-1.1.1g-11.el8.i686.rpm
openssl-debuginfo-1.1.1g-11.el8.x86_64.rpm
openssl-debugsource-1.1.1g-11.el8.i686.rpm
openssl-debugsource-1.1.1g-11.el8.x86_64.rpm
openssl-devel-1.1.1g-11.el8.i686.rpm
openssl-devel-1.1.1g-11.el8.x86_64.rpm
openssl-libs-1.1.1g-11.el8.i686.rpm
openssl-libs-1.1.1g-11.el8.x86_64.rpm
openssl-libs-debuginfo-1.1.1g-11.el8.i686.rpm
openssl-libs-debuginfo-1.1.1g-11.el8.x86_64.rpm
openssl-perl-1.1.1g-11.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6IyntzjgjWX9erEAQimug//V9J7fIE9fRajiEAaX2OZ1opqOBJbn4Qb
ey0xeeI9Tm7SZ0vF/XH5e5/QmymaJbhicdggc3WUkuTjb//AzIBYRXqRvOL42KHr
C1iPs52v1p5M0H9Q1ntEy3VRUQ287UUoXv0bNHFfZXxY75FPwsjwKR2/uNVd9fZL
q/4EqhNrTdib7obQvQ0/2uz5icxW2isNLtYBoQRIoFG4spTf/pWA0oCrVAyz/l0q
Shlv+IlXTTJEjMqqBw2Xjx+QBEpOCrZH0PKVUU2CVLXp/l4hsBh/PCEJuEOIQa58
DCYvXQeGkPeB+AP+uN9FvIiPNSjU03zYZR+q8CyhGQNetric8Kq/TBakDcg7oBoB
q0piaZfygkXjmCpxeEIxE6tVi08mzHXuSAn9jr4IMUcvBJDc0dr4T3bRK4LGe/iz
vp5BN6pz3T/VMr3KzExA+x9+n2N/8pWPkadMpA5o78OamcImVnj3u8m6oGzhl+R4
p/UDBD/tfO86stBT6ul9z2fRILHrPZrgSu9A5M3LuIAMfiUlJwtI88w3HmFJZklK
ZMhwPV5iWD0+rAH/3Dxv8l9qG1bJGKwyV7Gn2RklMy+STgDHZUpYlYNf8OnLLa/5
sImlw1wi4sGArEJlvqmgxf/96+OCHfdQlr89cNlyMOG1QJ8Fjmj14wFlqZEgTCP+
tx1AYS13va8=
=cO56
-----END PGP SIGNATURE-----

More information about the RHSA-announce mailing list