compat-openssl10-1.0.2o-4.el8_10.1

Errata ID: AXSA:2025-9952:01

Release date: 
Wednesday, May 21, 2025 - 14:21
Subject: 
compat-openssl10-1.0.2o-4.el8_10.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The OpenSSL toolkit provides support for secure communications between machines. This version of the OpenSSL package contains only the libraries and is provided for compatibility with previous releases and with software that does not support compilation with OpenSSL-1.1.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which needs to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Solution: 

Update packages.
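
Because this package ships only shared libraries, a process started before the update keeps the old copy mapped until it is restarted. The script below is an added example (not part of the original advisory or vendor tooling) that reads /proc-style maps files and reports processes still mapping a replaced copy. The function names, the library file-name pattern and the sample maps lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that still map a pre-update copy of the
# OpenSSL 1.0.2 compatibility libraries. Assumption: the shared objects are
# named libssl.so.1.0.2* / libcrypto.so.1.0.2* (sonames libssl.so.10 / libcrypto.so.10).

# Print the unique stale library paths in one maps file ($1 = maps file or saved copy).
stale_openssl10_maps() {
    awk '/ \(deleted\)$/ && $6 ~ /\/lib(ssl|crypto)\.so\.(10|1\.0\.2[a-z]*)$/ {
             if (!seen[$6]++) print $6
         }' "$1"
}

# Walk a proc-style tree ($1, default /proc); print "pid<TAB>command<TAB>library".
scan_procs() (
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        stale_openssl10_maps "$dir/maps" 2>/dev/null |
            while read -r lib; do
                printf '%s\t%s\t%s\n' "${dir##*/}" "$comm" "$lib"
            done
    done
)

# Build a constructed proc-style tree: pid 101 started before the update,
# pid 202 after it, pid 303 does not use the compatibility library at all.
make_sample_tree() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    echo legacyd > "$1/101/comm"; echo freshd > "$1/202/comm"; echo sshd > "$1/303/comm"
    cat > "$1/101/maps" <<'EOF'
7f3a10000000-7f3a10250000 r-xp 00000000 fd:00 131 /usr/lib64/libcrypto.so.1.0.2o (deleted)
7f3a10450000-7f3a1046c000 r--p 00250000 fd:00 131 /usr/lib64/libcrypto.so.1.0.2o (deleted)
7f3a10800000-7f3a10867000 r-xp 00000000 fd:00 132 /usr/lib64/libssl.so.1.0.2o (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
7f9b20000000-7f9b20250000 r-xp 00000000 fd:00 977 /usr/lib64/libcrypto.so.1.0.2o
EOF
    cat > "$1/303/maps" <<'EOF'
7f1c30000000-7f1c302c0000 r-xp 00000000 fd:00 410 /usr/lib64/libcrypto.so.1.1.1k
7f1c30500000-7f1c30510000 rw-p 00000000 00:05 9 /dev/zero (deleted)
EOF
}

demo=$(mktemp -d)
make_sample_tree "$demo"
scan_procs "$demo"      # on a real host, as root: scan_procs /proc
rm -rf "$demo"
```

Any process the scan lists needs a restart before it uses the fixed library.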

Additional Info: 

N/A

Download: 

SRPMS
  1. compat-openssl10-1.0.2o-4.el8_10.1.src.rpm
    MD5: 3005cefd583e9518c246fa6b352e01be
    SHA-256: e143a603e4a96d6318efae8e2f4d8056fac4f5c71e7c7c78947bc7dfc256ec0e
    Size: 3.51 MB

Asianux Server 8 for x86_64
  1. compat-openssl10-1.0.2o-4.el8_10.1.i686.rpm
    MD5: f3894620212ea667821af7efcd12dc27
    SHA-256: 595c1a51da34be6270d832849a7721ff28c62205513735948a6197c07e3712a1
    Size: 0.97 MB
  2. compat-openssl10-1.0.2o-4.el8_10.1.x86_64.rpm
    MD5: 84af0265d62f133014c07b127c527d75
    SHA-256: 853754fefa16feded4f938eaee195b5ad6717dda9e14221fbd65dc0244b79632
    Size: 1.13 MB