No evident maintainer, so assigning globally. CC'ing NicolasS who did a similar update not so long ago.

CC: (none) => nicolas.salguero
Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix a security vulnerability:

The c_rehash script allows command injection. (CVE-2022-1292)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
https://www.openssl.org/news/secadv/20220503.txt
========================

Updated packages in core/updates_testing:
========================
lib(64)openssl1.1-1.1.1o-1.mga8
lib(64)openssl-devel-1.1.1o-1.mga8
lib(64)openssl-static-devel-1.1.1o-1.mga8
openssl-1.1.1o-1.mga8
openssl-perl-1.1.1o-1.mga8

from SRPM:
openssl-1.1.1o-1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
Source RPM: openssl-3.0.2-1.mga9.src.rpm, openssl-1.1.1n-1.mga8.src.rpm => openssl-1.1.1n-1.mga8.src.rpm
Version: Cauldron => 8
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 1.1.1o and 3.0.3 => (none)
Assignee: pkg-bugs => qa-bugs

Ubuntu has issued an advisory for this on May 4:
https://ubuntu.com/security/notices/USN-5402-1

installed openssl

$ openssl version
OpenSSL 1.1.1o  3 May 2022


$ openssl enc -aes-128-cbc -in firefox78_12.txt -out fire.enc
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
$ ll fire.enc
-rw-r--r-- 1 brian live 464 May  5 20:43 fire.enc
$ cat fire.enc
Salted__�,+=W�$�jV���<9��{��
                            \��޳�cqϖ��FY�
                                         vCJ�R���҂� Dy�
                                                       ~u�[$f[�~
��"�޳Y��0|�f#+����FQ-�i�7�����������M1%f�i꼏e.���y@��+�2�����1N�Jp[��� �1:
                                                                          �E�
�7؟��kj��PA�;3�3�t�����#�
                         ����.�Z�G���[���������Z
                                                �A�l�g���l��n���W���z}�O��J��F~�N}��c�N����w���u6��w!���t�
                          �ư���=�li��i�*���8W�"j������O�A&�d�vi���~��������g)Q��Z9�d>+
=�9��^;��meu�������&H���Z	"����
                                     n�^����N�삭�
$ openssl enc -d -aes-128-cbc -in fire.enc -out fire.txt
enter aes-128-cbc decryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

file sizes match

$ ll fire.*
-rw-r--r-- 1 brian live 464 May  5 20:43 fire.enc
-rw-r--r-- 1 brian live 439 May  5 20:44 fire.txt
$ ll firefox78_12.txt
-rw-r--r-- 1 brian live 439 Jul 14  2021 firefox78_12.txt

source and restored file md5's match

$ openssl dgst -md5 firefox78_12.txt
MD5(firefox78_12.txt)= 33e849ed30b6664813656a4e05264f58
$ openssl dgst -md5 fire.txt
MD5(fire.txt)= 33e849ed30b6664813656a4e05264f58


working from my perspective

CC: (none) => brtians1

$ openssl genpkey -out fd.key -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -aes-128-cbc

$ openssl req -new -key fd.key -out fd.csr

$ openssl req -text -in fd.csr -noout
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = US, ST = Illinois, L = xxx, O = xxx, CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:ec:6c:32:28:0a:5d:8e:ea:59:e9:51:d4:e9:32:
                    3c:23:29:86:2e:10:65:cc:a6:07:9f:5b:14:5a:25:
                    82:9e:16:88:5b:27:25:2c:e8:ba:4f:9d:92:1f:60:
                    31:31:75:68:e3:18:cf:e5:5a:6f:8f:ea:cd:3a:16:
                    2b:c4:f1:4b:ef
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            a0:00
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:da:bd:56:03:00:ef:a6:5b:38:ed:d0:17:3e:
         04:5c:f9:40:38:7a:08:2b:bc:37:a9:24:86:91:7f:70:37:55:
         56:02:20:35:09:fd:66:cc:b4:30:ca:71:12:3c:56:ef:84:23:
         5c:73:b7:13:0f:ed:77:4b:2d:ac:ca:9e:ea:4d:37:af:66

creating certs work

MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Following WIKI:

$ openssl version
OpenSSL 1.1.1o  3 May 2022

$ openssl version -a
OpenSSL 1.1.1o  3 May 2022
built on: Wed May  4 19:59:53 2022 UTC
platform: linux-x86_64
options:  bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific
engines:  rdrand dynamic 

$ openssl ciphers -v
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
and more......

$ openssl ciphers -v -tls1
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
and more.....

$ openssl ciphers -v 'HIGH'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
and more....

$ openssl ciphers -v 'AES+HIGH'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
and more.....

other tests from WIKI behave OK.
OK'ing in view of other tests by Brian.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Are the fixes for CVE-2022-1343, CVE-2022-1434, and CVE-2022-1473 included?

Keywords: (none) => feedback
CC: (none) => davidwhodgins

Nevermind. Missed that in the description, only the one cve applies to m8.

Keywords: feedback => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0173.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED