ELSA-2018-0998

ELSA-2018-0998 - openssl security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2018-04-16

Description


[1.0.2k-12.0.1]
- sha256 is used for the RSA pairwise consistency test instead of sha1

[1.0.2k-12]
- fix CVE-2017-3737 - incorrect handling of fatal error state
- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus

[1.0.2k-11]
- fix deadlock in RNG in the FIPS mode in mariadb

[1.0.2k-9]
- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication


Related CVEs


CVE-2017-3736
CVE-2017-3737
CVE-2017-3738

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) openssl-1.0.2k-12.0.1.el7.src.rpm073b69ab1030afa4adb6c7cda2385430-
openssl-1.0.2k-12.0.1.el7.x86_64.rpm4740a64b98ce7721f0ee7b9fe2acf940-
openssl-devel-1.0.2k-12.0.1.el7.i686.rpmd7472816dd4c0a5764daa5a1bced9dda-
openssl-devel-1.0.2k-12.0.1.el7.x86_64.rpm609fa27d687dc727bdc08f9888a803e6-
openssl-libs-1.0.2k-12.0.1.el7.i686.rpmc998dc198de28a56bff7d8d19e92f466-
openssl-libs-1.0.2k-12.0.1.el7.x86_64.rpm25388fdd87106a33d11d7cf0b8889a51-
openssl-perl-1.0.2k-12.0.1.el7.x86_64.rpmbea09d23f1632a5dc5c12de6e675710e-
openssl-static-1.0.2k-12.0.1.el7.i686.rpmcd6348feb2e70e99a9e44cbfbc9739f6-
openssl-static-1.0.2k-12.0.1.el7.x86_64.rpmdd451b76b9ea551a52d5cad9b2d8a799-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete