File _patchinfo of Package patchinfo.27649

<patchinfo incident="27649">
  <issue tracker="bnc" id="1207538">VUL-0: EMBARGOED: CVE-2022-4450: openssl: Double free after calling PEM_read_bio_ex</issue>
  <issue tracker="bnc" id="1207536">VUL-0: EMBARGOED: CVE-2023-0215: openssl: Use-after-free following BIO_new_NDEF</issue>
  <issue tracker="bnc" id="1198472">[SLES15SP4][SECURITY][FIPS][Build 117.1][ppc64le][manual] openssl list public key algorithms that is not allowed while system working in fips mode</issue>
  <issue tracker="bnc" id="1207534">VUL-0: EMBARGOED: CVE-2022-4304: openssl: Timing Oracle in RSA Decryption</issue>
  <issue tracker="bnc" id="1207533">VUL-0: EMBARGOED: CVE-2023-0286: openssl: X.400 address type confusion in X.509 GeneralName</issue>
  <issue tracker="bnc" id="1121365">[FIPS] OpenSSL X25519 algorithm is still approved in fips mode</issue>
  <issue tracker="cve" id="2023-0215"/>
  <issue tracker="cve" id="2022-4304"/>
  <issue tracker="cve" id="2023-0286"/>
  <issue tracker="cve" id="2022-4450"/>
  <packager>ohollmann</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for openssl-1_1</summary>
  <description>This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)
</description>
</patchinfo>