-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2024-c58045d54f 2024-06-27 00:31:44.458279 --------------------------------------------------------------------------------
Name : openssl3 Product : Fedora EPEL 8 Version : 3.2.2 Release : 2.1.el8 URL : http://www.openssl.org/ Summary : Utilities from the general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
-------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2024-4741 openssl3: openssl: Use After Free with SSL_free_buffers -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 17 2024 Michel Lind salimma@fedoraproject.org - 3.2.2-2.1 - Merge c9s openssl changes to pick up CVE fixes * Wed Jun 12 2024 Daiki Ueno dueno@redhat.com - 1:3.2.2-2 - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers Resolves: RHEL-40823 * Wed Jun 5 2024 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.2.2-1 - Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, and Minerva attack. Resolves: RHEL-32148 Resolves: RHEL-36792 Resolves: RHEL-38514 Resolves: RHEL-39111 * Thu May 23 2024 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.2.1-2 - Update RNG changing for FIPS purpose Resolves: RHEL-35380 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2283763 - CVE-2024-4741 openssl3: openssl: Use After Free with SSL_free_buffers [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2283763 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update openssl3' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org