[RHSA-2022:7384-01] Critical: openssl-container security update
Security announcements for all Red Hat products and services.
rhsa-announce at redhat.com
Thu Nov 3 00:55:30 UTC 2022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: openssl-container security update
Advisory ID: RHSA-2022:7384-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7384
Issue date: 2022-11-02
CVE Names: CVE-2022-3602 CVE-2022-3786
=====================================================================
1. Summary:
An update for openssl-container is now available for Red Hat Enterprise
Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
The ubi9/openssl image provides provides an openssl command-line tool for
using the various functions of the OpenSSL crypto library. Using the
OpenSSL tool, you can generate private keys, create certificate signing
requests (CSRs), and display certificate information.
This updates the ubi9/openssl image in the Red Hat Container Registry.
To pull this container image, run one of the following commands:
podman pull registry.redhat.io/rhel9/openssl (authenticated)
podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)
Security Fix(es):
* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.
4. Bugs fixed (https://bugzilla.redhat.com/):
2134869 - rebuild of openssl-container 9.0
2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
5. References:
https://access.redhat.com/security/cve/CVE-2022-3602
https://access.redhat.com/security/cve/CVE-2022-3786
https://access.redhat.com/security/updates/classification/#critical
https://catalog.redhat.com/software/containers/search
https://access.redhat.com/security/vulnerabilities/RHSB-2022-004
6. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY2MRgtzjgjWX9erEAQgHMBAAgjuU0cGu47ptVYHjuJHUUBIrQaAjqcwW
MffMcu54pXHcKaFi0FV7moAJ5mawQWAamunMaleKScdinaYMk9W8RtLg8jO9flpm
vN1tTVvIyoSQ9KKe/1jde37VbtkNL5FmV9uWfMCL55qqF4FL0a6zFLbPDjWXaxh9
UvXds0G1JqUkHnSCrxIMP9UJrTvMQRxI06BfBkstMbfdUd26gfmcyTux9IyVZQnc
YKnDaYKsMGmy+iX1Fe7FlfnAyA04MEVsqCa82MbD47TDRmFtrkurZO0R71MDGVVZ
75AnDX+Z5o6Z7tZcmXWdz67aEZ4ApPVqvRjtd7D8LDGfJCDZC0HTS0cvUozJOqsL
cl3owpI3Kj+bx8S+dtfjgRfMNXU4IRl4T+qSTBwE1jEY/s44NvJjGYDBGUqneUtF
V7Hv7JkApSgx5OxLz2zK75DiGqL9fD/qpNHhj73KHWvvSKvNEGlmkIWWF1wkC5XO
Z/Ld5Q/FW9bchkQwxEJuxykzukzn2m6xUqVKjfB4ErhCBfoqredYY7jcNLYJcgOU
BNaR9kH1kRRp2F55QmA03dxU6FPn4N1CoOHJsrxvF4lIXkrgCzu9QTVPqOONSg+i
dQJYzvrv9r7E0AT7iSOzlBj3VUZqL3NktNb+4fOY9RwgRMdkBBi0ofykujSXeI2S
8OZlzBFtsPA=
=1WnU
-----END PGP SIGNATURE-----
More information about the RHSA-announce
mailing list