-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-d51641f152 2019-10-02 01:40:18.127680 --------------------------------------------------------------------------------
Name : openssl Product : Fedora 29 Version : 1.1.1d Release : 1.fc29 URL : http://www.openssl.org/ Summary : Utilities from the general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
-------------------------------------------------------------------------------- Update Information:
Minor update release 1.1.1d with low impact security fixes. ---- Fix for TLS non-compliance causing server interoperability problems with golang TLS client. -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 13 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1d-1 - update to the 1.1.1d release * Fri Sep 6 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1c-6 - upstream fix for status request extension non-compliance (#1737471) * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 1:1.1.1c-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Mon Jun 24 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1c-4 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code * Mon Jun 3 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1c-3 - add upstream patch to defer sending KeyUpdate after pending writes are complete * Thu May 30 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1c-2 - fix use of uninitialized memory * Wed May 29 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1c-1 - update to the 1.1.1c release * Fri May 10 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-10 - Another attempt at the AES-CCM regression fix * Fri May 10 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-9 - Fix two small regressions - Change the ts application default hash to SHA256 * Tue May 7 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-8 - FIPS compliance fixes * Mon May 6 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-7 - add S390x chacha20-poly1305 assembler support from master branch * Fri May 3 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-6 - apply new bugfixes from upstream 1.1.1 branch * Tue Apr 16 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-5 - fix for BIO_get_mem_ptr() regression in 1.1.1b (#1691853) * Wed Mar 27 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-4 - drop unused BuildRequires and Requires in the -devel subpackage * Fri Mar 15 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-3 - fix regression in EVP_PBE_scrypt() (#1688284) - fix incorrect help message in ca app (#1553206) * Fri Mar 1 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-2 - use .include = syntax in the config file to allow it to be parsed by 1.0.2 version (#1668916) * Thu Feb 28 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1b-1 - update to the 1.1.1b release - EVP_KDF API backport from master - SSH KDF implementation for EVP_KDF API backport from master * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1:1.1.1a-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Jan 15 2019 Tom���� Mr��z tmraz@redhat.com 1.1.1a-1 - update to the 1.1.1a release * Fri Nov 9 2018 Tom���� Mr��z tmraz@redhat.com 1.1.1-7 - use /dev/urandom for seeding the RNG in FIPS POST * Fri Oct 12 2018 Tom���� Mr��z tmraz@redhat.com 1.1.1-6 - fix SECLEVEL 3 support - fix some issues found in Coverity scan * Thu Sep 27 2018 Charalampos Stratakis cstratak@redhat.com - 1:1.1.1-5 - Correctly invoke sed for defining OPENSSL_NO_SSL3 * Thu Sep 27 2018 Tom���� Mr��z tmraz@redhat.com 1.1.1-4 - define OPENSSL_NO_SSL3 so the newly built dependencies do not have access to SSL3 API calls anymore -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1752102 - CVE-2019-1563 openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752102 [ 2 ] Bug #1752097 - CVE-2019-1549 openssl: information disclosure in fork() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752097 [ 3 ] Bug #1752092 - CVE-2019-1547 openssl: side-channel weak encryption vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1752092 [ 4 ] Bug #1751027 - openssl-1.1.1d is available https://bugzilla.redhat.com/show_bug.cgi?id=1751027 [ 5 ] Bug #1737471 - Cannot pull images from registry.fedoraproject.org https://bugzilla.redhat.com/show_bug.cgi?id=1737471 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-d51641f152' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------