ELBA-2020-6000 - openssl bug fix update

Release Date: 2021-01-07


- Bump release for rebuild.

- use SHA-256 in FIPS RSA pairwise key check
- fix CVE-2018-5407 - EC signature local timing side-channel key extraction

- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA
- fix incorrect error message on FIPS DSA parameter generation (#1603597)

- ppc64le is not multilib architecture (#1585004)

- add S390x assembler updates
- make CA name list comparison function case sensitive (#1548401)
- fix CVE-2017-3735 - possible one-byte overread with X.509 IPAddressFamily
- fix CVE-2018-0732 - large prime DH DoS of TLS client
- fix CVE-2018-0737 - RSA key generation cache timing vulnerability
- fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure

- fix CVE-2017-3737 - incorrect handling of fatal error state
- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024-bit modulus

- fix deadlock in RNG in the FIPS mode in mariadb

- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication

- fix regression in openssl req -x509 command (#1450015)

- handle incorrect size gracefully in aes_p8_cbc_encrypt()

- allow long client hellos to be received by server

- fix CPU features detection on new AMD processors

- add support for additional STARTTLS protocols to s_client
original backported patch by Robert Scheck (#1396209)

- properly document the SSLv2 support removal

- add PPC assembler updates

- minor upstream release 1.0.2k fixing security issues

- deprecate and disable verification of insecure hash algorithms
- add support for /etc/pki/tls/legacy-settings also for minimum DH length
accepted by SSL client
- compare the encrypt and tweak key in XTS as required by FIPS

- rebase to latest upstream release from the 1.0.2 branch, ABI compatible

- fix CVE-2016-2177 - possible integer overflow
- fix CVE-2016-2178 - non-constant time DSA operations
- fix CVE-2016-2179 - further DoS issues in DTLS
- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()
- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-6306 - certificate message OOB reads
- mitigate CVE-2016-2183 - degrade all 64-bit block ciphers and RC4 to
112-bit effective strength

- replace expired testing certificates

- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO

- fix 1-byte memory leak in pkcs12 parse (#1312112)
- document some options of the speed command (#1312110)
- fix high-precision timestamps in timestamping authority
- enable SCTP support in DTLS
- use correct digest when exporting keying material in TLS1.2 (#1289620)
- fix CVE-2016-0799 - memory issues in BIO_printf
- add support for setting Kerberos service and keytab in
s_server and s_client

- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method

- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2

- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint

- fix the CVE-2015-1791 fix (broken server side renegotiation)

- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for correctness although unexploitable

- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function

- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on
read in multithreaded applications

- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
the DH key size to at least 768 bits (limit will be increased in future)

- drop the AES-GCM restriction of 2^32 operations because the IV is
always 96 bits (32 bit fixed field + 64 bit invocation field)

- update fix for CVE-2015-0287 to what was released upstream

- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

- fix broken error detection when unwrapping unpadded key

- fix the RFC 5649 for key material that does not need padding

- test in the non-FIPS RSA keygen for minimal distance of p and q
similarly to the FIPS RSA keygen

- fix CVE-2014-3570 - incorrect computation in BN_sqr()
- fix CVE-2014-3571 - possible crash in dtls1_get_record()
- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export
ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
- fix CVE-2015-0206 - possible memory leak when buffering DTLS records

- use FIPS approved method for computation of d in RSA
- copy digest algorithm when handling SNI context switch

- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
(padding attack on SSL3)

- do FIPS algorithm selftest before the integrity check

- add support for RFC 5649 (#1119738)
- do not pass the FIPS integrity check if the .hmac files are empty (#1128849)
- add ECC TLS extensions to DTLS (#1119803)
- do not send ECC ciphersuites in SSLv2 client hello (#1090955)
- properly propagate encryption failure in BIO_f_cipher (#1072439)
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
- improve documentation of ciphersuites - patch by Hubert Kario (#1108026)
- use case insensitive comparison for servername in s_server (#1081163)
- add support for automatic ECDH curve selection on server (#1080128)
- FIPS mode: make the limitations on DSA, DH, and RSA keygen
length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment
variable is set

- add support for ppc64le architecture
- add Power 8 optimizations

- fix CVE-2014-3505 - double-free in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing server hello
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation

- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH

- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

- use the key length from configuration file if req -newkey rsa is invoked

- avoid unnecessary reseeding in BN_rand in the FIPS mode

- print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing
- make expiration and key length changeable by DAYS and KEYLEN
variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)
- lower the actual 3des strength so it is sorted behind aes128 (#1056616)

- Mass rebuild 2014-01-24

- rebuild with -O3 on ppc64 architecture

- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MITM attack on DTLS1

- Mass rebuild 2013-12-27

- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
- drop weak ciphers from the default TLS ciphersuite list
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes

- fix locking and reseeding problems with FIPS drbg

- additional changes required for FIPS validation
- disable verification of certificate, CRL, and OCSP signatures
using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable
is not set

- add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)

- do not advertise ECC curves we do not support (#1022493)

- make DTLS1 work in FIPS mode
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
- drop the -fips subpackage, installation of dracut-fips marks that the FIPS
module is installed
- avoid dlopening libssl.so from libcrypto
- fix small memory leak in FIPS aes selftest
- fix segfault in openssl speed hmac in the FIPS mode

- document the nextprotoneg option in manual pages
original patch by Hubert Kario
- try to avoid some races when updating the -fips subpackage

- use version-release in .hmac suffix to avoid overwrite
during upgrade

- always perform the FIPS selftests in library constructor
if FIPS module is installed

- add -fips subpackage that contains the FIPS module files

- fix use of rdrand if available
- more commits cherry picked from upstream
- documentation fixes

- additional manual page fix
- use symbol versioning also for the textual version

- additional manual page fixes
- cleanup speed command output for ECDH ECDSA

- use _prefix macro

- add openssl.cnf.5 manpage symlink to config.5

- add relro linking flag

- add support for the -trusted_first option for certificate chain verification

- disable GOST engine

- add symbol version for ECC functions

- update the FIPS selftests to use 256 bit curves

- enabled NIST Suite B ECC curves and algorithms

- fix random bad record mac errors (#918981)
- disable ZLIB loading by default (due to CRIME attack)

- new upstream version

- more fixes from upstream
- fix errors in manual causing build failure (#904777)

- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
- allow X509_issuer_and_serial_hash() produce correct result in
the FIPS mode (#881336)

- do not load default verify paths if CApath or CAfile specified (#884305)

- more fixes from upstream CVS
- fix DSA key pairwise check (#878597)

- use 1024 bit DH parameters in s_server as 512 bit is not allowed
in FIPS mode and it is quite weak anyway

- add missing initialization of str in aes_ccm_init_key (#853963)
- add important patches from upstream CVS
- use the secure_getenv() with new glibc

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- use __getenv_secure() instead of __libc_enable_secure

- do not move libcrypto to /lib
- do not use environment variables if __libc_enable_secure is on
- fix strict aliasing problems in modes

- fix DSA key generation in FIPS mode (#833866)
- allow duplicate FIPS_mode_set(1)
- enable build on ppc64 subarch (#834652)

- fix s_server with new glibc when no global IPv6 address (#839031)
- make it build with new Perl

- new upstream version

- new upstream version

- new upstream version fixing CVE-2012-2110

- add Kerberos 5 libraries to pkgconfig for static linking (#807050)

- backports from upstream CVS
- fix segfault when /dev/urandom is not available (#809586)

- new upstream release

- add obsoletes to assist multilib updates (#799636)

- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- new upstream release from the 1.0.1 branch
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)

- new upstream release from the 1.0.1 branch, ABI compatible
- add documentation for the -no_ign_eof option

- new upstream release fixing CVE-2012-0050 - DoS regression in
DTLS support introduced by the previous release (#782795)

- new upstream release fixing multiple CVEs

- move the libraries needed for static linking to Libs.private

- do not use AVX instructions when osxsave bit not set
- add direct known answer tests for SHA2 algorithms

- fix missing initialization of variable in CHIL engine

- new upstream release fixing CVE-2011-3207 (#736088)

- drop the separate engine for Intel acceleration improvements
and merge in the AES-NI, SHA1, and RC4 optimizations
- add support for OPENSSL_DISABLE_AES_NI environment variable
that disables the AES-NI support

- correct openssl cms help output (#636266)
- more tolerant starttls detection in XMPP protocol (#608239)

- add support for newest Intel acceleration improvements backported
from upstream by Intel in form of a separate engine

- allow the AES-NI engine in the FIPS mode

- add API necessary for CAVS testing of the new DSA parameter generation

- add support for VIA Padlock on 64-bit arch from upstream (#617539)
- do not return bogus values from load_certs (#652286)

- clarify apps help texts for available digest algorithms (#693858)

- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- add -x931 parameter to openssl genrsa command to use the ANSI X9.31
key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
to allow using MD5 when the system is in the maintenance state
even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode

- listen on IPv6 wildcard in s_server so we accept connections
from both IPv4 and IPv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode
with FIPS allowed ciphers

- new upstream version fixing CVE-2010-4180

- replace the revert for the s390x bignum asm routines with
fix from upstream

- revert upstream change in s390x bignum asm routines

- new upstream version fixing CVE-2010-3864 (#649304)

- make SHLIB_VERSION reflect the library suffix

- openssl man page fix (#609484)

- new upstream patch release, fixes CVE-2010-0742 (#598738)
and CVE-2010-1633 (#598732)

Updated Packages

Release/Architecture:   Oracle Linux 7 (aarch64)
Filename:               openssl-1.0.2k-16.0.1.ksplice1.el7_6.1.src.rpm
MD5sum:                 1f896bc6ee9521fd4e7246dae7b69217
Superseded By Advisory: -
