Security update for openssl-1_1

Announcement ID:	SUSE-SU-2022:0861-3
Rating:	important
References:	bsc#1182959 bsc#1195149 bsc#1195792 bsc#1195856 bsc#1196877
Cross-References:	CVE-2022-0778
CVSS scores:	CVE-2022-0778 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability and has four security fixes can now be installed.

Description:

This update for openssl-1_1 fixes the following issues:

openssl-1_1:

• CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
• Fix PAC pointer authentication in ARM (bsc#1195856)
• Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
• FIPS: Fix function and reason error codes (bsc#1182959)
• Enable zlib compression support (bsc#1195149)

glibc:

• Resolve installation issue of glibc-devel in SUSE Linux Enterprise Micro 5.1

linux-glibc-devel:

• Resolve installation issue of linux-kernel-headers in SUSE Linux Enterprise Micro 5.1

libxcrypt:

• Resolve installation issue of libxcrypt-devel in SUSE Linux Enterprise Micro 5.1

zlib:

• Resolve installation issue of zlib-devel in SUSE Linux Enterprise Micro 5.1

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-861=1
• SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-861=1

Package List:

• SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  • zlib-debugsource-1.2.11-3.26.10
  • libopenssl-1_1-devel-1.1.1d-11.43.1
  • libopenssl1_1-hmac-1.1.1d-11.43.1
  • glibc-2.31-150300.20.7
  • glibc-locale-base-2.31-150300.20.7
  • glibc-debuginfo-2.31-150300.20.7
  • libopenssl1_1-debuginfo-1.1.1d-11.43.1
  • glibc-locale-2.31-150300.20.7
  • glibc-debugsource-2.31-150300.20.7
  • openssl-1_1-1.1.1d-11.43.1
  • libxcrypt-debugsource-4.4.15-150300.4.2.41
  • openssl-1_1-debuginfo-1.1.1d-11.43.1
  • libcrypt1-4.4.15-150300.4.2.41
  • libcrypt1-debuginfo-4.4.15-150300.4.2.41
  • libz1-1.2.11-3.26.10
  • libopenssl1_1-1.1.1d-11.43.1
  • libz1-debuginfo-1.2.11-3.26.10
  • openssl-1_1-debugsource-1.1.1d-11.43.1
  • glibc-locale-base-debuginfo-2.31-150300.20.7
• SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  • zlib-debugsource-1.2.11-3.26.10
  • libopenssl-1_1-devel-1.1.1d-11.43.1
  • libopenssl1_1-hmac-1.1.1d-11.43.1
  • glibc-2.31-150300.20.7
  • glibc-locale-base-2.31-150300.20.7
  • glibc-debuginfo-2.31-150300.20.7
  • libopenssl1_1-debuginfo-1.1.1d-11.43.1
  • glibc-locale-2.31-150300.20.7
  • glibc-debugsource-2.31-150300.20.7
  • openssl-1_1-1.1.1d-11.43.1
  • libxcrypt-debugsource-4.4.15-150300.4.2.41
  • openssl-1_1-debuginfo-1.1.1d-11.43.1
  • libcrypt1-4.4.15-150300.4.2.41
  • libcrypt1-debuginfo-4.4.15-150300.4.2.41
  • libz1-1.2.11-3.26.10
  • libopenssl1_1-1.1.1d-11.43.1
  • libz1-debuginfo-1.2.11-3.26.10
  • openssl-1_1-debugsource-1.1.1d-11.43.1
  • glibc-locale-base-debuginfo-2.31-150300.20.7

References:

• https://www.suse.com/security/cve/CVE-2022-0778.html
• https://bugzilla.suse.com/show_bug.cgi?id=1182959
• https://bugzilla.suse.com/show_bug.cgi?id=1195149
• https://bugzilla.suse.com/show_bug.cgi?id=1195792
• https://bugzilla.suse.com/show_bug.cgi?id=1195856
• https://bugzilla.suse.com/show_bug.cgi?id=1196877