ELSA-2020-4514

ELSA-2020-4514 - openssl security, bug fix, and enhancement update

Type:	SECURITY
Severity:	LOW
Release Date:	2020-11-10

Description

[1.1.1g-11]
- Further changes for SP 800-56A rev3 requirements

[1.1.1g-9]
- Rewire FIPS_drbg API to use the RAND_DRBG
- Use the well known DH groups in TLS even for 2048 and 1024 bit parameters

[1.1.1g-7]
- Disallow dropping Extended Master Secret extension
on renegotiation
- Return alert from s_server if ALPN protocol does not match
- SHA1 is allowed in @SECLEVEL=2 only if allowed by
TLS SigAlgs configuration

[1.1.1g-6]
- Add FIPS selftest for PBKDF2 and KBKDF

[1.1.1g-5]
- Allow only well known DH groups in the FIPS mode

[1.1.1g-1]
- update to the 1.1.1g release
- FIPS module installed state definition is modified

Related CVEs

CVE-2019-1551

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 8 (aarch64)	openssl-1.1.1g-11.el8.src.rpm	5e7aa714c9fff74a98d1ec26a7bf0149	-
	openssl-1.1.1g-11.el8.aarch64.rpm	a5422926f84a5e2c7d2457c9b07efa87	-
	openssl-devel-1.1.1g-11.el8.aarch64.rpm	cf6b5784f342ac9fc26d931ed1a7c5ea	-
	openssl-libs-1.1.1g-11.el8.aarch64.rpm	da5929453995a9eb876d183bd4c7530d	-
	openssl-perl-1.1.1g-11.el8.aarch64.rpm	1ed55cfa9504fce218b96d55c27e40ed	-
Oracle Linux 8 (x86_64)	openssl-1.1.1g-11.el8.src.rpm	5e7aa714c9fff74a98d1ec26a7bf0149	-
	openssl-1.1.1g-11.el8.x86_64.rpm	4f388ca94970e48352a5805be4bd67ce	-
	openssl-devel-1.1.1g-11.el8.i686.rpm	a5273b572aef592f2d970483c697d9f8	-
	openssl-devel-1.1.1g-11.el8.x86_64.rpm	39904672b3ee743d387431ceee3787cb	-
	openssl-libs-1.1.1g-11.el8.i686.rpm	828b02e98060db611a31c8d1c3ae35f4	-
	openssl-libs-1.1.1g-11.el8.x86_64.rpm	b9148b0ce43094e92b51ea83dea766a2	-
	openssl-perl-1.1.1g-11.el8.x86_64.rpm	8d2773c648a2210ffadfc3f76580eab8	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team