stable

openssl3-3.2.1-1.1.el8

FEDORA-EPEL-2024-b002585dd2 created by salimma 3 months ago for Fedora EPEL 8

Merge in changes from c9s' openssl to pick up various CVE fixes and other bugfixes

This update has been submitted for testing by salimma.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update has been pushed to testing.

3 months ago
User Icon xxxxxxxxx commented & provided feedback 3 months ago

how to install openssl-fips-provider

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

2 months ago
User Icon tkvarfordt commented & provided feedback 2 months ago

I am unable to install this update via dnf on Rocky Linux 8.9. I get the following error:

Last metadata expiration check: 0:36:19 ago on Wed 01 May 2024 03:51:58 PM MDT.
Error:
 Problem: package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libcrypto.so.3()(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libssl.so.3()(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libcrypto.so.3(OPENSSL_3.0.0)(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libssl.so.3(OPENSSL_3.0.0)(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libcrypto.so.3(OPENSSL_3.0.1)(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libcrypto.so.3(OPENSSL_3.0.9)(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libcrypto.so.3(OPENSSL_3.2.0)(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires libssl.so.3(OPENSSL_3.2.0)(64bit), but none of the providers can be installed
  - package openssl3-3.2.1-1.1.el8.x86_64 from epel requires openssl3-libs(x86-64) = 3.2.1-1.1.el8, but none of the providers can be installed
  - conflicting requests
  - nothing provides openssl-fips-provider needed by openssl3-libs-3.2.1-1.1.el8.x86_64 from epel
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
User Icon salimma commented & provided feedback 2 months ago

Apologies for not noticing this earlier - my mock --postinstall workflow was temporarily broken for EL8.

This update fixes the issue - FEDORA-EPEL-2024-2139fb0f65

User Icon tkvarfordt commented & provided feedback 2 months ago

No worries, much appreciated!


Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
7 days
Dates
submitted
3 months ago
in testing
3 months ago
in stable
2 months ago
approved
3 months ago
BZ#2182590 CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8]
0
0
BZ#2182602 CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8]
0
0
BZ#2188526 CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8]
0
0
BZ#2211109 CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8]
0
0
BZ#2223821 TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8]
0
0
BZ#2228050 CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all]
0
0
BZ#2248621 CVE-2023-5678 openssl3: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow [epel-8]
0
0
BZ#2249063 CVE-2023-5363 openssl3: openssl: Incorrect cipher key and IV length processing [epel-8]
0
0
BZ#2257573 CVE-2023-6129 openssl3: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC [epel-all]
0
0
BZ#2258505 CVE-2023-6237 openssl3: openssl: Excessive time spent checking invalid RSA public keys [epel-all]
0
0
BZ#2276143 openssl3 epel-8 SIGILL on ppc64le Power8
0
0

Automated Test Results