sonic-net / sonic-fips

SONiC FIPS module

Upgrade OpenSSL and OpenSSH to fix several CVE alerts #45

Closed xumia closed 11 months ago

xumia commented 11 months ago

Upgrade OpenSSL to 1.1.1n-0+deb11u5. Remove some of the patches already added in debian/patches.

Fix CVEs:
- CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
- CVE-2023-0465 (Invalid certificate policies in leaf certificates are
- CVE-2023-0466 (Certificate policy check not enabled)
- CVE-2022-4304 (Timing Oracle in RSA Decryption)
- CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers)

Upgrade OpenSSH to 8.4p1-5+deb11u2.

Fix CVEs:
- CVE-2023-38408 (Lacks SSH agent restriction)

xumia commented 11 months ago

The new badrsa cert is provided by Samuel. @samuel-lee-msft, thanks for fixing the UT failure issue. It fixes the issue positively, not simply disabling it.

See issue: https://github.com/sonic-net/sonic-fips/issues/46