April 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2276143] New: openssl3 epel-8 SIGILL on ppc64le Power8
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2276143 Bug ID: 2276143 Summary: openssl3 epel-8 SIGILL on ppc64le Power8 Product: Fedora EPEL Version: epel8 Hardware: ppc64le Status: NEW Component: openssl3 Severity: high Assignee: michel(a)michel-slm.name Reporter: younes.m(a)gmail.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Description of problem: openssl3 crashes with a SIGILL on Power8 systems because it executes a code path intended for P9 and later. The bug has already been fixed upstream and in Fedora, but not in EPEL. See links below for context. Version-Release number of selected component (if applicable): 3.0.7-5.el8.1 How reproducible: Very reproducible (e.g. ssh) Steps to Reproduce: 1. Download the src rpm 2. rpmbuild -bc ~/rpmbuild/SPECS/openssl3.spec 3. make -C ~/rpmbuild/BUILD/openssl-3.0.7 test 4. Look for SIGILL crashes in `test/evp_test` for example Additional info: https://bugzilla.redhat.com/show_bug.cgi?id=2124845 https://github.com/openssl/openssl/issues/19163 https://github.com/openssl/openssl/pull/19182 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2276143 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2258505] New: CVE-2023-6237 openssl3: openssl: Excessive time spent checking invalid RSA public keys [epel-all]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2258505 Bug ID: 2258505 Summary: CVE-2023-6237 openssl3: openssl: Excessive time spent checking invalid RSA public keys [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: mcascell(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2258502 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2258505 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2257573] New: CVE-2023-6129 openssl3: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC [epel-all]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2257573 Bug ID: 2257573 Summary: CVE-2023-6129 openssl3: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2257571 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2257573 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2249063] New: CVE-2023-5363 openssl3: openssl: Incorrect cipher key and IV length processing [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2249063 Bug ID: 2249063 Summary: CVE-2023-5363 openssl3: openssl: Incorrect cipher key and IV length processing [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2243839 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2249063 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2248621] New: CVE-2023-5678 openssl3: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2248621 Bug ID: 2248621 Summary: CVE-2023-5678 openssl3: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: askrabec(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248616 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248621 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2228050] New: CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2228050 Bug ID: 2228050 Summary: CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2227852 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2228050 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2223821] New: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Bug ID: 2223821 Summary: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2223016 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2211109] New: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2211109 Bug ID: 2211109 Summary: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2207947 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2211109

1 6

[Bug 2188526] New: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2188526 Bug ID: 2188526 Summary: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2188461 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2188526

1 6

[Bug 2182602] New: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2182602 Bug ID: 2182602 Summary: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182565 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182602

1 6

2026

2025

2024

2023

2022

2021

Epel-packagers-sig April 2024