OpenSSL has issued an advisory today (June 21): https://www.openssl.org/news/secadv/20220621.txt The issue is fixed upstream in 1.1.1p and 3.0.4: https://www.openssl.org/news/secadv/20220621.txt
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.1.1p and 3.0.4
Ubuntu has issued an advisory for this today (June 21): https://ubuntu.com/security/notices/USN-5488-1
Updated packages uploaded for Mageia 8 and Cauldron by Nicolas Salguero:

libopenssl-devel-1.1.1p-1.mga8
libopenssl1.1-1.1.1p-1.mga8
openssl-perl-1.1.1p-1.mga8
openssl-1.1.1p-1.mga8
libopenssl-static-devel-1.1.1p-1.mga8

from openssl-1.1.1p-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Assignee: bugsquad => qa-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Source RPM: openssl-3.0.3-1.mga9.src.rpm, openssl-1.1.1o-1.mga8.src.rpm => openssl-1.1.1o-1.mga8.src.rpm
Status comment: Fixed upstream in 1.1.1p and 3.0.4 => (none)

Suggested advisory:
========================

The updated packages fix a security vulnerability:

The c_rehash script allows command injection. (CVE-2022-2068)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
https://www.openssl.org/news/secadv/20220621.txt
https://ubuntu.com/security/notices/USN-5488-1

Status: NEW => ASSIGNED
CVE: (none) => CVE-2022-2068
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
Following the wiki:

$ openssl version -a
OpenSSL 1.1.1p 21 Jun 2022
built on: Tue Jun 21 14:51:24 2022 UTC
platform: linux-x86_64
options: bn(64,64) md2(char) rc4(8x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific
engines: dynamic

$ openssl ciphers -v
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
etc ......

$ openssl ciphers -v -tls1
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
etc.....

$ openssl ciphers -v 'HIGH'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
etc......

$ openssl ciphers -v 'AES+HIGH'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
etc....

$ openssl speed
a looooong list

$ openssl s_time -connect <desktop>:443
Collecting connection statistics for 30 seconds
lots of stars, then
2033 connections in 7.59s; 267.85 connections/user sec, bytes read 0
2033 connections in 31 real seconds, 0 bytes read per connection
Now timing with session id reuse.
starting again lots of stars, then
2097 connections in 7.73s; 271.28 connections/user sec, bytes read 0
2097 connections in 31 real seconds, 0 bytes read per connection

All looks OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
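
A check that can be run alongside the test steps above, as an added example that is not part of the original report: it classifies an `openssl version` line against the fixed releases named in this bug (1.1.1p and 3.0.4). The function name, the return-code convention and the sample lines other than the 1.1.1p one are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Classifies an `openssl version`
# line against the fixed releases named in this bug: 1.1.1p and 3.0.4.
# Assumed return convention: 0 = fixed, 1 = older than the fix,
# 2 = branch or version format not covered by this report.
check_openssl_fix() {
    # Field 2 of "OpenSSL <version> <date>" is the version string.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        1.1.1*)
            suffix=${ver#1.1.1}
            # Letters are listed explicitly: ranges like [a-o] depend on locale.
            case "$suffix" in
                ""|[abcdefghijklmno]) return 1 ;;
                [pqrstuvwxyz]) return 0 ;;
                *) return 2 ;;   # pre-release tag or vendor suffix
            esac ;;
        3.0.*)
            patch=${ver#3.0.}
            case "$patch" in
                ""|*[!0-9]*) return 2 ;;   # e.g. "4-dev": do not guess
            esac
            if [ "$patch" -ge 4 ]; then return 0; fi
            return 1 ;;
        *) return 2 ;;
    esac
}

# Constructed sample lines; the 1.1.1p line matches the tester's output above.
for line in "OpenSSL 1.1.1o  3 May 2022" "OpenSSL 1.1.1p  21 Jun 2022" \
            "OpenSSL 3.0.3 3 May 2022" "OpenSSL 3.0.4 21 Jun 2022"; do
    rc=0
    check_openssl_fix "$line" || rc=$?
    printf '%-30s -> %s\n' "$line" "$rc"
done
```

On a live host, pass the first line of the local binary's output: `check_openssl_fix "$(openssl version)"`.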
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0246.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED