SUSE-RU-2022:3663-1: moderate: Recommended update for openssl-1_1

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Oct 19 22:23:56 UTC 2022 

   SUSE Recommended Update: Recommended update for openssl-1_1
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3663-1
Rating:             moderate
References:         #1121365 #1180995 #1190651 #1190653 #1190888 
                    #1193859 #1198471 #1198472 #1201293 #1202148 
                    #1203046 #1203069 SLE-24941 
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has 12 recommended fixes and contains one
   feature can now be installed.

Description:

   This update for openssl-1_1 fixes the following issues:

   - FIPS: Default to RFC-7919 groups for genparam and dhparam
   - FIPS: list only FIPS approved digest and public key algorithms
     [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
   - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
   - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
     * The FIPS_drbg implementation is not FIPS validated anymore. To provide
       backwards compatibility for applications that need FIPS compliant RNG
       number generation and use FIPS_drbg_generate, this function was
       re-wired to call the FIPS validated DRBG instance instead through the
       RAND_bytes() call.
   - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
   - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148,
     jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library.
   - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
   - FIPS: Add zeroization of temporary variables to the hmac integrity
     function FIPSCHECK_verify(). [bsc#1190653]


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3663=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3663=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3663=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_1-devel-1.1.1l-150400.7.10.5
      libopenssl1_1-1.1.1l-150400.7.10.5
      libopenssl1_1-debuginfo-1.1.1l-150400.7.10.5
      libopenssl1_1-hmac-1.1.1l-150400.7.10.5
      openssl-1_1-1.1.1l-150400.7.10.5
      openssl-1_1-debuginfo-1.1.1l-150400.7.10.5
      openssl-1_1-debugsource-1.1.1l-150400.7.10.5

   - openSUSE Leap 15.4 (noarch):

      openssl-1_1-doc-1.1.1l-150400.7.10.5

   - openSUSE Leap 15.4 (x86_64):

      libopenssl-1_1-devel-32bit-1.1.1l-150400.7.10.5
      libopenssl1_1-32bit-1.1.1l-150400.7.10.5
      libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.10.5
      libopenssl1_1-hmac-32bit-1.1.1l-150400.7.10.5

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_1-devel-1.1.1l-150400.7.10.5
      libopenssl1_1-1.1.1l-150400.7.10.5
      libopenssl1_1-debuginfo-1.1.1l-150400.7.10.5
      libopenssl1_1-hmac-1.1.1l-150400.7.10.5
      openssl-1_1-1.1.1l-150400.7.10.5
      openssl-1_1-debuginfo-1.1.1l-150400.7.10.5
      openssl-1_1-debugsource-1.1.1l-150400.7.10.5

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):

      libopenssl1_1-32bit-1.1.1l-150400.7.10.5
      libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.10.5
      libopenssl1_1-hmac-32bit-1.1.1l-150400.7.10.5

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      libopenssl-1_1-devel-1.1.1l-150400.7.10.5
      libopenssl1_1-1.1.1l-150400.7.10.5
      libopenssl1_1-debuginfo-1.1.1l-150400.7.10.5
      libopenssl1_1-hmac-1.1.1l-150400.7.10.5
      openssl-1_1-1.1.1l-150400.7.10.5
      openssl-1_1-debuginfo-1.1.1l-150400.7.10.5
      openssl-1_1-debugsource-1.1.1l-150400.7.10.5


References:

   https://bugzilla.suse.com/1121365
   https://bugzilla.suse.com/1180995
   https://bugzilla.suse.com/1190651
   https://bugzilla.suse.com/1190653
   https://bugzilla.suse.com/1190888
   https://bugzilla.suse.com/1193859
   https://bugzilla.suse.com/1198471
   https://bugzilla.suse.com/1198472
   https://bugzilla.suse.com/1201293
   https://bugzilla.suse.com/1202148
   https://bugzilla.suse.com/1203046
   https://bugzilla.suse.com/1203069

More information about the sle-updates mailing list