[RndTbl] Fw: [SECURITY] Fedora 36 Update: openssl-3.0.8-1.fc36
Trevor Cordes
trevor at tecnopolis.ca
Wed Feb 22 13:51:07 CST 2023
Oh joy, "password timing" attacks come to SSL.
e.g. CVE-2022-4304 Published 2023-02-08T20:15:00
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack.
Begin forwarded message:
Date: Wed, 22 Feb 2023 11:09:09 +0000 (GMT)
From: updates at fedoraproject.org
To: package-announce at lists.fedoraproject.org
Subject: [SECURITY] Fedora 36 Update: openssl-3.0.8-1.fc36
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-a5564c0a3f
2023-02-22 11:06:32.699863
--------------------------------------------------------------------------------
Name : openssl
Product : Fedora 36
Version : 3.0.8
Release : 1.fc36
* Thu Feb 9 2023 Dmitry Belyavskiy <dbelyavs at redhat.com> - 1:3.0.8-1
- Rebase to upstream version 3.0.8
Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401
More information about the Roundtable
mailing list