OpenSSL has issued an advisory on October 24: https://www.openssl.org/news/secadv/20231024.txt The issue is fixed upstream in 3.0.12.
Whiteboard: (none) => MGA9TOOSource RPM: (none) => openssl-3.0.10-1.mga9.src.rpmCC: (none) => nicolas.salguero
No registered maintainer for openssl, so assigning to all
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Suggested advisory: ======================== The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. (CVE-2023-5363) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt ======================== Updated packages in core/updates_testing: ======================== lib(64)openssl3-3.0.12-1.mga9 lib(64)openssl-devel-3.0.12-1.mga9 lib(64)openssl-static-devel-3.0.12-1.mga9 openssl-3.0.12-1.mga9 openssl-perl-3.0.12-1.mga9 from SRPM: openssl-3.0.12-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Version: Cauldron => 9Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNED
Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisory
Blocks: (none) => 32484
MGA9-64, Gnome The following 3 packages are going to be installed: - lib64openssl-devel-3.0.12-1.mga9.x86_64 - lib64openssl3-3.0.12-1.mga9.x86_64 - openssl-3.0.12-1.mga9.x86_64 7.5KB of additional disk space will be used. $ echo -n 'hello mageia' | openssl aes-256-cbc -e -K 47bc82c4e6dd271d3a72d526bf6ac3ee520d8ec70f7a1044cd02f098f6b51162 -iv '47bc82c4e6dd271d3a72d526bf6ac3ee' > mageia.enc $ openssl aes-256-cbc -d -in mageia.enc -K 47bc82c4e6dd271d3a72d526bf6ac3ee520d8ec70f7a1044cd02f098f6b51162 -iv '47bc82c4e6dd271d3a72d526bf6ac3ee' hello mageia ---- basic encryption working for me with an iv
CC: (none) => brtians1
[brian@localhost ~]$ echo -n 'hello mageia' | openssl dgst -sha256 SHA2-256(stdin)= 872f4c6f4fa44aab16bb985dc4b7790f541695db34787f61f58df0f32598a93c [brian@localhost ~]$ echo -n 'hello mageia' | sha256sum 872f4c6f4fa44aab16bb985dc4b7790f541695db34787f61f58df0f32598a93c - matching
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0313.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED