stable

openssl-3.0.5-2.fc36

FEDORA-2022-502f096dce created by dbelyavs 7 months ago for Fedora 36

Security fix for CVE-2022-3602 and CVE-2022-3786

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-502f096dce

This update has been submitted for testing by dbelyavs.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago
markec provided feedback 7 months ago
bittin provided feedback 7 months ago
BZ#2137723 CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
BZ#2139149 [Major Incident] CVE-2022-3602 openssl: X.509 Email Address Buffer Overflow [fedora-all]
mikelo2 provided feedback 7 months ago
stklcode provided feedback 7 months ago
atim provided feedback 7 months ago
ptudor provided feedback 7 months ago
imsedgar commented & provided feedback 7 months ago

If the build fixes CVE-2022-3786, then BZ#2139151 and BZ#2139104 should also be linked to this update?

robatino commented & provided feedback 7 months ago

As soon as the test gating status changes to "passed", another +1 (even from someone who already gave +1) will be necessary to get it submitted for stable.

py0xc3 commented & provided feedback 7 months ago

Works fine. CVEs not verified.

BZ#2137723 CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
BZ#2139149 [Major Incident] CVE-2022-3602 openssl: X.509 Email Address Buffer Overflow [fedora-all]
pssgcsim provided feedback 7 months ago

This update's test gating status has been changed to 'failed'.

7 months ago
marbu provided feedback 7 months ago
adamwill commented & provided feedback 7 months ago

Note, gating is 'failed' because we are still waiting on a few tests. They are running and will complete within the next hour or so, I hope.

nb provided feedback 7 months ago
BZ#2137723 CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
BZ#2139149 [Major Incident] CVE-2022-3602 openssl: X.509 Email Address Buffer Overflow [fedora-all]
norenh commented & provided feedback 7 months ago

No regressions detected on x86_64. Tried to verify the vulnerability with a PoC, but the PoC I found showed that both the old and new versions were OK, so I guess it is unclear if the old version was properly exploitable on Fedora x86_64.

vainly commented & provided feedback 7 months ago

Everything working on my end. (except the exploit, hopefully) Will run a PoC tomorrow if I find one.

This update's test gating status has been changed to 'passed'.

7 months ago
kevin provided feedback 7 months ago

This update has been submitted for stable by bodhi.

7 months ago

This update has been pushed to stable.

7 months ago
augenauf commented & provided feedback 7 months ago

Hi @bittin, @nb, @jsbillings, how did you test for the CVEs?

brandfbb commented & provided feedback 7 months ago

Package works, CVEs not verified.


Metadata
Type: security
Severity: high
Karma: 16
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 7 months ago
in stable: 7 months ago
BZ#2137723 CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
0
3
BZ#2139149 [Major Incident] CVE-2022-3602 openssl: X.509 Email Address Buffer Overflow [fedora-all]
0
3