ELSA-2018-0998

ELSA-2018-0998 - openssl security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2018-04-16

Description


[1.0.2k-12.0.1]
- sha256 is used for the RSA pairwise consistency test instead of sha1

[1.0.2k-12]
- fix CVE-2017-3737 - incorrect handling of fatal error state
- fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus

[1.0.2k-11]
- fix deadlock in RNG in the FIPS mode in mariadb

[1.0.2k-9]
- fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication


Related CVEs


CVE-2017-3736
CVE-2017-3737
CVE-2017-3738

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) openssl-1.0.2k-12.0.1.el7.src.rpm073b69ab1030afa4adb6c7cda2385430ELSA-2017-3518
openssl-1.0.2k-12.0.1.el7.aarch64.rpm7a71d861e62f3224a554d60f3358b236ELSA-2017-3518
openssl-devel-1.0.2k-12.0.1.el7.aarch64.rpma1a39a9301d22af24df3e1a4555231ecELSA-2017-3518
openssl-libs-1.0.2k-12.0.1.el7.aarch64.rpmad242bba76104ae1182e9ed54f12fc3aELSA-2017-3518
openssl-perl-1.0.2k-12.0.1.el7.aarch64.rpmbae81e713effb3f45008171b60924864ELSA-2017-3518
openssl-static-1.0.2k-12.0.1.el7.aarch64.rpm1c73039a940d8b48b4c6166535b18b40ELSA-2017-3518
Oracle Linux 7 (x86_64) openssl-1.0.2k-12.0.1.el7.src.rpm073b69ab1030afa4adb6c7cda2385430ELSA-2017-3518
openssl-1.0.2k-12.0.1.el7.x86_64.rpm4740a64b98ce7721f0ee7b9fe2acf940ELSA-2017-3518
openssl-devel-1.0.2k-12.0.1.el7.i686.rpmd7472816dd4c0a5764daa5a1bced9ddaELSA-2017-3518
openssl-devel-1.0.2k-12.0.1.el7.x86_64.rpm609fa27d687dc727bdc08f9888a803e6ELSA-2017-3518
openssl-libs-1.0.2k-12.0.1.el7.i686.rpmc998dc198de28a56bff7d8d19e92f466ELSA-2017-3518
openssl-libs-1.0.2k-12.0.1.el7.x86_64.rpm25388fdd87106a33d11d7cf0b8889a51ELSA-2017-3518
openssl-perl-1.0.2k-12.0.1.el7.x86_64.rpmbea09d23f1632a5dc5c12de6e675710eELSA-2017-3518
openssl-static-1.0.2k-12.0.1.el7.i686.rpmcd6348feb2e70e99a9e44cbfbc9739f6ELSA-2017-3518
openssl-static-1.0.2k-12.0.1.el7.x86_64.rpmdd451b76b9ea551a52d5cad9b2d8a799ELSA-2017-3518



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete