openssl11-libs-1.1.1k-7.el7 in EPEL 7
↵ Return to the main page of openssl11-libs
View build
Search for updates
Package Info (Data from x86_64 build)
🠗 Changelog
🠗 Provides
🠗 Files
Changelog
| Date | Author | Change |
|---|---|---|
| 2024-01-24 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-7 | - backport from 1.1.1k-12: Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659). Resolves: RHEL-17696 |
| 2023-11-25 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-6 | - backport from 1.1.1k-11: Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 - backport from 1.1.1k-10: Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 - backport from 1.1.1k-10: Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 |
| 2023-02-19 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-5 | - backport from 1.1.1k-9: Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - backport from 1.1.1k-9: Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - backport from 1.1.1k-9: Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - backport from 1.1.1k-9: Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - backport from 1.1.1k-8: Fix no-ec build Resolves: rhbz#2071020 |
| 2022-07-22 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-4 | - backport from 1.1.1k-7: CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - backport from 1.1.1k-7: Update expired certificates used in the testsuite Resolves: rhbz#2092462 - backport from 1.1.1k-7: CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090372 - backport from 1.1.1k-7: CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098279 |
| 2022-03-28 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-3 | - backport from 1.1.1k-6: CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates Resolves: rhbz#2067146 |
| 2021-11-17 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-2 | - backport from 1.1.1k-5: CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Resolves: rhbz#2005402 |
| 2021-11-09 | Robert Scheck <robert at fedoraproject dot org> 1.1.1k-1 | - backport from 1.1.1k-4: Fixes bugs in s390x AES code - backport from 1.1.1k-4: Uses the first detected address family if IPv6 is not available - backport from 1.1.1k-4: Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted, it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already known - https://trac.nginx.org/nginx/ticket/2071#comment:1 As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx could early callback instead of servername callback. Resolves: rhbz#197821, related: rhbz#1934534 - backport from 1.1.1k-3: Cleansup the peer point formats on renegotiation. Resolves rhbz#1965362 - backport from 1.1.1k-2: Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085 - backport from 1.1.1k-2: Using safe primes for FIPS DH self-test - backport from 1.1.1k-1: Update to version 1.1.1k - backport from 1.1.1g-16: Use AI_ADDRCONFIG only when explicit host name is given - backport from 1.1.1g-16: Allow only curves defined in RFC 8446 in TLS 1.3 |
| 2021-03-29 | Robert Scheck <robert at fedoraproject dot org> 1.1.1g-3 | - backport from 1.1.1g-15: version bump - backport from 1.1.1g-14: CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT - backport from 1.1.1g-13: Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing |
| 2020-12-16 | Robert Scheck <robert at fedoraproject dot org> 1.1.1g-2 | - backport from 1.1.1g-12: Fix CVE-2020-1971 ediparty null pointer dereference - backport from 1.1.1g-11.1: Implemented new FIPS requirements in regards to KDF and DH selftests - backport from 1.1.1g-11.1: Disallow certificates with explicit EC parameters |
| 2020-11-13 | Robert Scheck <robert at fedoraproject dot org> 1.1.1g-1 | - backport from 1.1.1g-11: Further changes for SP 800-56A rev3 requirements - backport from 1.1.1g-9: Rewire FIPS_drbg API to use the RAND_DRBG - backport from 1.1.1g-9: Use the well known DH groups in TLS even for 2048 and 1024 bit parameters - backport from 1.1.1g-7: Disallow dropping Extended Master Secret extension on renegotiation - backport from 1.1.1g-7: Return alert from s_server if ALPN protocol does not match - backport from 1.1.1g-7: SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration - backport from 1.1.1g-6: Add FIPS selftest for PBKDF2 and KBKDF - backport from 1.1.1g-5: Allow only well known DH groups in the FIPS mode - backport from 1.1.1g-1: update to the 1.1.1g release - backport from 1.1.1g-1: FIPS module installed state definition is modified |
Provides
- config(openssl11-libs)
- libcrypto.so.1.1()(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0a)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0c)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0d)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0f)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0g)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0h)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0i)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_0j)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_1)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_1b)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_1c)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_1d)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_1e)(64bit)
- libcrypto.so.1.1(OPENSSL_1_1_1h)(64bit)
- libssl.so.1.1()(64bit)
- libssl.so.1.1(OPENSSL_1_1_0)(64bit)
- libssl.so.1.1(OPENSSL_1_1_0d)(64bit)
- libssl.so.1.1(OPENSSL_1_1_1)(64bit)
- libssl.so.1.1(OPENSSL_1_1_1a)(64bit)
- openssl11-libs
- openssl11-libs(x86-64)
Files
- etc/
- pki/
- tls/
- certs/
- ct_log_list.cnf
- misc/
- private/
- certs/
- tls/
- pki/
- usr/
- lib64/
- .libcrypto.so.1.1.1k.hmac
- .libcrypto.so.1.1.hmac
- .libssl.so.1.1.1k.hmac
- .libssl.so.1.1.hmac
- engines-1.1/
- afalg.so
- capi.so
- padlock.so
- libcrypto.so.1.1
- libcrypto.so.1.1.1k
- libssl.so.1.1
- libssl.so.1.1.1k
- share/
- licenses/
- openssl11-libs-1.1.1k/
- LICENSE
- openssl11-libs-1.1.1k/
- licenses/
- lib64/
Sources on Pagure