-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-62ef58ec56 2020-11-29 00:39:21.923294 --------------------------------------------------------------------------------
Name : openssl11 Product : Fedora EPEL 7 Version : 1.1.1g Release : 1.el7 URL : http://www.openssl.org/ Summary : Utilities from the general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
-------------------------------------------------------------------------------- Update Information:
- backport from 1.1.1g-11: Further changes for SP 800-56A rev3 requirements - backport from 1.1.1g-9: Rewire FIPS_drbg API to use the RAND_DRBG - backport from 1.1.1g-9: Use the well known DH groups in TLS even for 2048 and 1024 bit parameters - backport from 1.1.1g-7: Disallow dropping Extended Master Secret extension on renegotiation - backport from 1.1.1g-7: Return alert from s_server if ALPN protocol does not match - backport from 1.1.1g-7: SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration - backport from 1.1.1g-6: Add FIPS selftest for PBKDF2 and KBKDF - backport from 1.1.1g-5: Allow only well known DH groups in the FIPS mode - backport from 1.1.1g-1: update to the 1.1.1g release - backport from 1.1.1g-1: FIPS module installed state definition is modified -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 13 2020 Robert Scheck robert@fedoraproject.org 1.1.1g-1 - backport from 1.1.1g-11: Further changes for SP 800-56A rev3 requirements - backport from 1.1.1g-9: Rewire FIPS_drbg API to use the RAND_DRBG - backport from 1.1.1g-9: Use the well known DH groups in TLS even for 2048 and 1024 bit parameters - backport from 1.1.1g-7: Disallow dropping Extended Master Secret extension on renegotiation - backport from 1.1.1g-7: Return alert from s_server if ALPN protocol does not match - backport from 1.1.1g-7: SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration - backport from 1.1.1g-6: Add FIPS selftest for PBKDF2 and KBKDF - backport from 1.1.1g-5: Allow only well known DH groups in the FIPS mode - backport from 1.1.1g-1: update to the 1.1.1g release - backport from 1.1.1g-1: FIPS module installed state definition is modified -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1780995 - CVE-2019-1551 openssl: Integer overflow in RSAZ modular exponentiation on x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1780995 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update openssl11' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------