Red Hat 9062 Published by

An openssl-container security update has been released for Red Hat Enterprise Linux 9.



RHSA-2022:7384-01: Critical: openssl-container security update



=====================================================================
Red Hat Security Advisory

Synopsis: Critical: openssl-container security update
Advisory ID: RHSA-2022:7384-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2022:7384
Issue date: 2022-11-02
CVE Names: CVE-2022-3602 CVE-2022-3786
=====================================================================

1. Summary:

An update for openssl-container is now available for Red Hat Enterprise
Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The ubi9/openssl image provides provides an openssl command-line tool for
using the various functions of the OpenSSL crypto library. Using the
OpenSSL tool, you can generate private keys, create certificate signing
requests (CSRs), and display certificate information.

This updates the ubi9/openssl image in the Red Hat Container Registry.

To pull this container image, run one of the following commands:

podman pull registry.redhat.io/rhel9/openssl (authenticated)
podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)

Security Fix(es):

* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

4. Bugs fixed (  https://bugzilla.redhat.com/):

2134869 - rebuild of openssl-container 9.0
2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow

5. References:

  https://access.redhat.com/security/cve/CVE-2022-3602
  https://access.redhat.com/security/cve/CVE-2022-3786
  https://access.redhat.com/security/updates/classification/#critical
  https://catalog.redhat.com/software/containers/search
  https://access.redhat.com/security/vulnerabilities/RHSB-2022-004

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.