CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
Resolves: rhbz#2089444
This commit is contained in:
parent
b5de6bd830
commit
ac312e8ff7
13
0063-CVE-2022-1473.patch
Normal file
13
0063-CVE-2022-1473.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
|
||||
index 2a574fbfe6aa..16f482db68a9 100644
|
||||
--- a/crypto/lhash/lhash.c
|
||||
+++ b/crypto/lhash/lhash.c
|
||||
@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh)
|
||||
}
|
||||
lh->b[i] = NULL;
|
||||
}
|
||||
+
|
||||
+ lh->num_items = 0;
|
||||
}
|
||||
|
||||
void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.1
|
||||
Release: 32%{?dist}
|
||||
Release: 33%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -119,6 +119,8 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
||||
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
||||
Patch62: 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch
|
||||
# https://github.com/openssl/openssl/pull/18141
|
||||
Patch63: 0063-CVE-2022-1473.patch
|
||||
|
||||
License: ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -449,6 +451,10 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
|
||||
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
|
||||
- Resolves: rhbz#2089444
|
||||
|
||||
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
||||
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
||||
- Resolves: rhbz#2083240
|
||||
|
Loading…
Reference in New Issue
Block a user