Scope

Patch latest OpenSSL known vulnerabilities, as published at https://www.openssl.org/news/vulnerabilities.html#y2023.

Changes

Updated OpenSSL 1.1.1t sources to version 1.1.1w to fix CVE-2023-4807, CVE-2023-3817, CVE-2023-3446, CVE-2023-2975, CVE-2023-2975, CVE-2023-2975, CVE-2023-1255, CVE-2023-0466, CVE-2023-0464.

Drive-by changes:

• Updated OpenSSL 1.0.2 sources for AIX to version 1.0.2v-chevah5 to fix CVE-2023-0286 (high severity update from Feb).
• Patched cryptography for CVE-2023-23931 (3.3.2chevah from https://bin.chevah.com:20443/pypi/simple/cryptography/ and 3.2.1 from python-modules/).
• Patched Python on all platforms for CVE-2023-24329 and on non-Windows platform for CVE-2021-3177.
• Updated SQLite to version 3.43.1 fixing CVE-2023-36191 and CVE-2021-31239.
• Updated zlib to version 1.3.
• Updated psutil to version 5.9.5 on all platforms.
• Adapted the ARM64 build to run on an Amazon Linux 2 container.

How to try and test the changes

reviewers: @adiroiban

Check automated tests.

Check relevant changes:

git diff master .github/ brink.* chevah_build python-modules/ src/python/

Check the updated external_deps.fods LibreOffice sheet for documented security issues.

Check the updated list of ignored safety security alerts, e.g. https://data.safetycli.com/vulnerabilities/CVE-2023-38325/59473/ (cryptography issue not related to embedded OpenSSL and with no backported fix).