--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-02a38af202
2018-10-02 15:02:33.025994
--------------------------------------------------------------------------------
Name : openssl
Product : Fedora 27
Version : 1.1.0i
Release : 1.fc27
URL :
http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS
implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.0i version from upstream fixing minor security issues.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 20 2018 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.0i-1
- update to upstream version 1.1.0i
* Tue Apr 3 2018 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.0h-3
- fix regression of c_rehash (#1562953)
* Thu Mar 29 2018 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.0h-1
- update to upstream version 1.1.0h
- apply RPM_LD_FLAGS properly (#1541033)
- silence the .rnd write failure as that is auxiliary functionality (#1524833)
* Fri Nov 3 2017 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.0g-1
- update to upstream version 1.1.0g
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1568256 - CVE-2018-0737 openssl: RSA key generation cache timing
vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1568256
[ 2 ] Bug #1591101 - CVE-2018-0732 openssl: Malicious server can send large prime to
client during DH(E) TLS handshake causing the client to hang [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591101
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-02a38af202' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------