ELBA-2020-5998

ELBA-2020-5998 - openssl bug fix update

Type: BUG
Severity: NA
Release Date: 2021-01-07

Description


[1.0.2k-12.0.3]
- Oracle bug 28672370: backport CVE-2018-0732
- Oracle bug 28672351: backport CVE-2018-0737

[1.0.2k-12.0.1]
- sha256 is used for the RSA pairwise consistency test instead of sha1

[1.0.2k-12]
- fix CVE-2017-3737 - incorrect handling of fatal error state
- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus

[1.0.2k-11]
- fix deadlock in RNG in the FIPS mode in mariadb

[1.0.2k-9]
- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication

[1.0.2k-8]
- fix regression in openssl req -x509 command (#1450015)

[1.0.2k-7]
- handle incorrect size gracefully in aes_p8_cbc_encrypt()

[1.0.2k-6]
- allow long client hellos to be received by server

[1.0.2k-5]
- fix CPU features detection on new AMD processors

[1.0.2k-4]
- add support for additional STARTTLS protocols to s_client; original backported patch by Robert Scheck (#1396209)

[1.0.2k-3]
- properly document the SSLv2 support removal

[1.0.2k-2]
- add PPC assembler updates

[1.0.2k-1]
- minor upstream release 1.0.2k fixing security issues

[1.0.2j-2]
- deprecate and disable verification of insecure hash algorithms
- add support for /etc/pki/tls/legacy-settings also for minimum DH length accepted by SSL client
- compare the encrypt and tweak key in XTS as required by FIPS

[1.0.2j-1]
- rebase to latest upstream release from the 1.0.2 branch, ABI compatible

[1.0.1e-60]
- fix CVE-2016-2177 - possible integer overflow
- fix CVE-2016-2178 - non-constant time DSA operations
- fix CVE-2016-2179 - further DoS issues in DTLS
- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()
- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-6306 - certificate message OOB reads
- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength

[1.0.1e-58]
- replace expired testing certificates

[1.0.1e-57]
- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO

[1.0.1e-56]
- fix 1-byte memory leak in pkcs12 parse (#1312112)
- document some options of the speed command (#1312110)
- fix high-precision timestamps in timestamping authority
- enable SCTP support in DTLS
- use correct digest when exporting keying material in TLS1.2 (#1289620)
- fix CVE-2016-0799 - memory issues in BIO_printf
- add support for setting Kerberos service and keytab in s_server and s_client

[1.0.1e-55]
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

[1.0.1e-54]
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method

[1.0.1e-53]
- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2

[1.0.1e-52]
- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint

[1.0.1e-51]
- fix the CVE-2015-1791 fix (broken server side renegotiation)

[1.0.1e-50]
- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for correctness although unexploitable

[1.0.1e-49]
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function

[1.0.1e-48]
- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications

[1.0.1e-47]
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future)

[1.0.1e-46]
- drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field)

[1.0.1e-45]
- update fix for CVE-2015-0287 to what was released upstream

[1.0.1e-44]
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

[1.0.1e-43]
- fix broken error detection when unwrapping unpadded key

[1.0.1e-42.1]
- fix the RFC 5649 for key material that does not need padding

[1.0.1e-42]
- test in the non-FIPS RSA keygen for minimal distance of p and q similarly to the FIPS RSA keygen

[1.0.1e-41]
- fix CVE-2014-3570 - incorrect computation in BN_sqr()
- fix CVE-2014-3571 - possible crash in dtls1_get_record()
- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
- fix CVE-2015-0206 - possible memory leak when buffering DTLS records

[1.0.1e-40]
- use FIPS approved method for computation of d in RSA
- copy digest algorithm when handling SNI context switch

[1.0.1e-39]
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3)

[1.0.1e-38]
- do FIPS algorithm selftest before the integrity check

[1.0.1e-37]
- add support for RFC 5649 (#1119738)
- do not pass the FIPS integrity check if the .hmac files are empty (#1128849)
- add ECC TLS extensions to DTLS (#1119803)
- do not send ECC ciphersuites in SSLv2 client hello (#1090955)
- properly propagate encryption failure in BIO_f_cipher (#1072439)
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
- improve documentation of ciphersuites - patch by Hubert Kario (#1108026)
- use case insensitive comparison for servername in s_server (#1081163)
- add support for automatic ECDH curve selection on server (#1080128)
- FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set

[1.0.1e-36]
- add support for ppc64le architecture
- add Power 8 optimizations

[1.0.1e-35]
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing server hello
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation

[1.0.1e-34.3]
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH

[1.0.1e-34]
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

[1.0.1e-33]
- use the key length from configuration file if req -newkey rsa is invoked

[1.0.1e-32]
- avoid unnecessary reseeding in BN_rand in the FIPS mode

[1.0.1e-31]
- print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing
- make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)
- lower the actual 3des strength so it is sorted behind aes128 (#1056616)

[1:1.0.1e-30]
- Mass rebuild 2014-01-24

[1.0.1e-29]
- rebuild with -O3 on ppc64 architecture

[1.0.1e-28]
- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MITM attack on DTLS1

[1:1.0.1e-27]
- Mass rebuild 2013-12-27

[1.0.1e-26]
- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
- drop weak ciphers from the default TLS ciphersuite list
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes

[1.0.1e-25]
- fix locking and reseeding problems with FIPS drbg

[1.0.1e-24]
- additional changes required for FIPS validation
- disable verification of certificate, CRL, and OCSP signatures using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set

[1.0.1e-23]
- add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)

[1.0.1e-22]
- do not advertise ECC curves we do not support (#1022493)

[1.0.1e-21]
- make DTLS1 work in FIPS mode
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
- drop the -fips subpackage, installation of dracut-fips marks that the FIPS module is installed
- avoid dlopening libssl.so from libcrypto
- fix small memory leak in FIPS aes selftest
- fix segfault in openssl speed hmac in the FIPS mode

[1.0.1e-20]
- document the nextprotoneg option in manual pages; original patch by Hubert Kario
- try to avoid some races when updating the -fips subpackage

[1.0.1e-19]
- use version-release in .hmac suffix to avoid overwrite during upgrade

[1.0.1e-18]
- always perform the FIPS selftests in library constructor if FIPS module is installed

[1.0.1e-16]
- add -fips subpackage that contains the FIPS module files

[1.0.1e-15]
- fix use of rdrand if available
- more commits cherry picked from upstream
- documentation fixes

[1.0.1e-14]
- additional manual page fix
- use symbol versioning also for the textual version

[1.0.1e-13]
- additional manual page fixes
- cleanup speed command output for ECDH ECDSA

[1.0.1e-12]
- use _prefix macro

[1.0.1e-11]
- add openssl.cnf.5 manpage symlink to config.5

[1.0.1e-10]
- add relro linking flag

[1.0.1e-9]
- add support for the -trusted_first option for certificate chain verification

[1.0.1e-8]
- disable GOST engine

[1.0.1e-7]
- add symbol version for ECC functions

[1.0.1e-6]
- update the FIPS selftests to use 256 bit curves

[1.0.1e-5]
- enabled NIST Suite B ECC curves and algorithms

[1.0.1e-4]
- fix random bad record mac errors (#918981)

[1.0.1e-3]
- fix up the SHLIB_VERSION_NUMBER

[1.0.1e-2]
- disable ZLIB loading by default (due to CRIME attack)

[1.0.1e-1]
- new upstream version

[1.0.1c-12]
- more fixes from upstream
- fix errors in manual causing build failure (#904777)

[1.0.1c-11]
- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
- allow X509_issuer_and_serial_hash() to produce correct result in the FIPS mode (#881336)

[1.0.1c-10]
- do not load default verify paths if CApath or CAfile specified (#884305)

[1.0.1c-9]
- more fixes from upstream CVS
- fix DSA key pairwise check (#878597)

[1.0.1c-8]
- use 1024 bit DH parameters in s_server as 512 bit is not allowed in FIPS mode and it is quite weak anyway

[1.0.1c-7]
- add missing initialization of str in aes_ccm_init_key (#853963)
- add important patches from upstream CVS
- use the secure_getenv() with new glibc

[1:1.0.1c-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1.0.1c-5]
- use __getenv_secure() instead of __libc_enable_secure

[1.0.1c-4]
- do not move libcrypto to /lib
- do not use environment variables if __libc_enable_secure is on
- fix strict aliasing problems in modes

[1.0.1c-3]
- fix DSA key generation in FIPS mode (#833866)
- allow duplicate FIPS_mode_set(1)
- enable build on ppc64 subarch (#834652)

[1.0.1c-2]
- fix s_server with new glibc when no global IPv6 address (#839031)
- make it build with new Perl

[1.0.1c-1]
- new upstream version

[1.0.1b-1]
- new upstream version

[1.0.1a-1]
- new upstream version fixing CVE-2012-2110

[1.0.1-3]
- add Kerberos 5 libraries to pkgconfig for static linking (#807050)

[1.0.1-2]
- backports from upstream CVS
- fix segfault when /dev/urandom is not available (#809586)

[1.0.1-1]
- new upstream release

[1.0.1-0.3.beta3]
- add obsoletes to assist multilib updates (#799636)

[1.0.1-0.2.beta3]
- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- new upstream release from the 1.0.1 branch
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)

[1.0.1-0.1.beta2]
- new upstream release from the 1.0.1 branch, ABI compatible
- add documentation for the -no_ign_eof option

[1.0.0g-1]
- new upstream release fixing CVE-2012-0050 - DoS regression in DTLS support introduced by the previous release (#782795)

[1.0.0f-1]
- new upstream release fixing multiple CVEs

[1.0.0e-4]
- move the libraries needed for static linking to Libs.private

[1.0.0e-3]
- do not use AVX instructions when osxsave bit not set
- add direct known answer tests for SHA2 algorithms

[1.0.0e-2]
- fix missing initialization of variable in CHIL engine

[1.0.0e-1]
- new upstream release fixing CVE-2011-3207 (#736088)

[1.0.0d-8]
- drop the separate engine for Intel acceleration improvements and merge in the AES-NI, SHA1, and RC4 optimizations
- add support for OPENSSL_DISABLE_AES_NI environment variable that disables the AES-NI support

[1.0.0d-7]
- correct openssl cms help output (#636266)
- more tolerant starttls detection in XMPP protocol (#608239)

[1.0.0d-6]
- add support for newest Intel acceleration improvements backported from upstream by Intel in form of a separate engine

[1.0.0d-5]
- allow the AES-NI engine in the FIPS mode

[1.0.0d-4]
- add API necessary for CAVS testing of the new DSA parameter generation

[1.0.0d-3]
- add support for VIA Padlock on 64bit arch from upstream (#617539)
- do not return bogus values from load_certs (#652286)

[1.0.0d-2]
- clarify apps help texts for available digest algorithms (#693858)

[1.0.0d-1]
- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)

[1.0.0c-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[1.0.0c-3]
- add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode

[1.0.0c-2]
- listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers

[1.0.0c-1]
- new upstream version fixing CVE-2010-4180

[1.0.0b-3]
- replace the revert for the s390x bignum asm routines with fix from upstream

[1.0.0b-2]
- revert upstream change in s390x bignum asm routines

[1.0.0b-1]
- new upstream version fixing CVE-2010-3864 (#649304)

[1.0.0a-3]
- make SHLIB_VERSION reflect the library suffix

[1.0.0a-2]
- openssl man page fix (#609484)

[1.0.0a-1]
- new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732)

Updated Packages

Release/Architecture     | Filename                                              | MD5sum                           | Superseded By Advisory
Oracle Linux 7 (aarch64) | openssl-1.0.2k-12.0.3.ksplice1.el7.src.rpm            | 8f370406bb6fc3926070f822ce0d3e55 | -
Oracle Linux 7 (aarch64) | openssl-1.0.2k-12.0.3.ksplice1.el7.aarch64.rpm        | 2d8662253dc8fb9ba530ee8786cbfff1 | -
Oracle Linux 7 (aarch64) | openssl-devel-1.0.2k-12.0.3.ksplice1.el7.aarch64.rpm  | f08fc799c97528cfeac21f4c02ce0a2a | -
Oracle Linux 7 (aarch64) | openssl-libs-1.0.2k-12.0.3.ksplice1.el7.aarch64.rpm   | e050e23755c26475aee9457503ab375f | -
Oracle Linux 7 (aarch64) | openssl-perl-1.0.2k-12.0.3.ksplice1.el7.aarch64.rpm   | 76697baa18c50c5714df9fc218f638c6 | -
Oracle Linux 7 (aarch64) | openssl-static-1.0.2k-12.0.3.ksplice1.el7.aarch64.rpm | be15ee8f12f8a5ace8f0e720aa9e7250 | -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team