--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-d51641f152
2019-10-02 01:40:18.127680
--------------------------------------------------------------------------------
Name : openssl
Product : Fedora 29
Version : 1.1.1d
Release : 1.fc29
URL :
http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS
implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
--------------------------------------------------------------------------------
Update Information:
Minor update release 1.1.1d with low impact security fixes. ---- Fix for TLS
non-compliance causing server interoperability problems with golang TLS client.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 13 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1d-1
- update to the 1.1.1d release
* Fri Sep 6 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1c-6
- upstream fix for status request extension non-compliance (#1737471)
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.1.1c-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jun 24 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1c-4
- do not try to use EC groups disallowed in FIPS mode
in TLS
- fix Valgrind regression with constant-time code
* Mon Jun 3 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1c-3
- add upstream patch to defer sending KeyUpdate after
pending writes are complete
* Thu May 30 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1c-2
- fix use of uninitialized memory
* Wed May 29 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1c-1
- update to the 1.1.1c release
* Fri May 10 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-10
- Another attempt at the AES-CCM regression fix
* Fri May 10 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-9
- Fix two small regressions
- Change the ts application default hash to SHA256
* Tue May 7 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-8
- FIPS compliance fixes
* Mon May 6 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-7
- add S390x chacha20-poly1305 assembler support from master branch
* Fri May 3 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-6
- apply new bugfixes from upstream 1.1.1 branch
* Tue Apr 16 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-5
- fix for BIO_get_mem_ptr() regression in 1.1.1b (#1691853)
* Wed Mar 27 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-4
- drop unused BuildRequires and Requires in the -devel subpackage
* Fri Mar 15 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-3
- fix regression in EVP_PBE_scrypt() (#1688284)
- fix incorrect help message in ca app (#1553206)
* Fri Mar 1 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-2
- use .include = syntax in the config file to allow it
to be parsed by 1.0.2 version (#1668916)
* Thu Feb 28 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1b-1
- update to the 1.1.1b release
- EVP_KDF API backport from master
- SSH KDF implementation for EVP_KDF API backport from master
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.1.1a-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Jan 15 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1a-1
- update to the 1.1.1a release
* Fri Nov 9 2018 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1-7
- use /dev/urandom for seeding the RNG in FIPS POST
* Fri Oct 12 2018 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1-6
- fix SECLEVEL 3 support
- fix some issues found in Coverity scan
* Thu Sep 27 2018 Charalampos Stratakis <cstratak(a)redhat.com> - 1:1.1.1-5
- Correctly invoke sed for defining OPENSSL_NO_SSL3
* Thu Sep 27 2018 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1-4
- define OPENSSL_NO_SSL3 so the newly built dependencies do not
have access to SSL3 API calls anymore
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1752102 - CVE-2019-1563 openssl: information disclosure in PKCS7_dataDecode
and CMS_decrypt_set1_pkey [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752102
[ 2 ] Bug #1752097 - CVE-2019-1549 openssl: information disclosure in fork()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752097
[ 3 ] Bug #1752092 - CVE-2019-1547 openssl: side-channel weak encryption vulnerability
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1752092
[ 4 ] Bug #1751027 - openssl-1.1.1d is available
https://bugzilla.redhat.com/show_bug.cgi?id=1751027
[ 5 ] Bug #1737471 - Cannot pull images from
registry.fedoraproject.org
https://bugzilla.redhat.com/show_bug.cgi?id=1737471
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-d51641f152' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------