FortiClient Vulnerability

Security Vulnerabilities fixed in openssl RHSA-2023:1405

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.