INFSA-2022:4899: compat-openssl11 security update
Information about definition
Identifier: INFSA-2022:4899
Type: security
Release date: 2025-03-05 17:02:45 UTC
Information about package
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries.
Vulnerabilities description
- CVE-2022-0778
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack.
Bug Fixes
- compat-openssl11 breaks in FIPS
Severity level
CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
---|---|---|---|
NIST — CVE-2022-0778 | no information | 7.5 | no information |
Updated packages