[CLSA-2023:1683235759] Fix CVE(s): CVE-2022-3996, CVE-2023-0464, CVE-2023-0466
Type:
security
Severity:
Important
Release date:
2023-05-04 21:29:24 UTC
Description:
* SECURITY UPDATE: Excessive resource use verifying X.509 policy constraints
  - debian/patches/CVE-2023-0464.patch: Limit X.509 certificate tree size to avoid exponential use of computational resources
  - CVE-2023-0464
* SECURITY UPDATE: Incorrectly documented X509_VERIFY_PARAM_add0_policy()
  - debian/patches/CVE-2023-0466.patch: Align documentation with actual implementation
  - CVE-2023-0466
* SECURITY UPDATE: Double locking in X.509 policy cache handling
  - debian/patches/CVE-2022-3996.patch: Revert previously introduced redundant flag setting and so avoid locking at all
  - CVE-2022-3996
Updated packages:
  • libssl-dev_1.0.2g-1ubuntu4.21+tuxcare.els6_amd64.deb
    sha:f2506d981c0f10418265c51941f1c5ac88bd4b7a
  • libssl-doc_1.0.2g-1ubuntu4.21+tuxcare.els6_all.deb
    sha:dcf8a3913f78086b465f07cc4520341fd53daad6
  • libssl1.0.0_1.0.2g-1ubuntu4.21+tuxcare.els6_amd64.deb
    sha:b66c4778b37941bd2781fd79dcf973e5e633cf40
  • openssl_1.0.2g-1ubuntu4.21+tuxcare.els6_amd64.deb
    sha:b0fbe5c22e8d5a83665ba25db8b5efd700362988
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.