[ol7_latest_archive] openssl-libs-1:1.0.1e-42.el7_1.6.x86_64

Name:	openssl-libs
Epoch:	1
Version:	1.0.1e
Release:	42.el7_1.6
Architecture:	x86_64
Group:	System Environment/Libraries
Size:	2679508
License:	OpenSSL
RPM:	openssl-libs-1.0.1e-42.el7_1.6.x86_64.rpm
Source RPM:	openssl-1.0.1e-42.el7_1.6.src.rpm
Build Date:	Thu Jun 04 2015
Build Host:	x86-ol7-builder-03.us.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	A general purpose cryptography library with TLS implementation
Description:	OpenSSL is a toolkit for supporting cryptography. The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

Mon May 25 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.6

- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
  the DH key size to at least 768 bits (limit will be increased in future)

Thu Mar 26 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.5

- drop the AES-GCM restriction of 2^32 operations because the IV is
  always 96 bits (32 bit fixed field + 64 bit invocation field)

Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.4

- update fix for CVE-2015-0287 to what was released upstream

Wed Mar 18 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.3

- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.2
```
- fix broken error detection when unwrapping unpadded key
```

Mon Mar 02 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.1

- fix the RFC 5649 for key material that does not need padding

Thu Jan 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42

- test in the non-FIPS RSA keygen for minimal distance of p and q
  similarly to the FIPS RSA keygen

Tue Jan 13 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-41

- fix CVE-2014-3570 - incorrect computation in BN_sqr()
- fix CVE-2014-3571 - possible crash in dtls1_get_record()
- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export
  ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
- fix CVE-2015-0206 - possible memory leak when buffering DTLS records

Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40

- use FIPS approved method for computation of d in RSA
- copy digest algorithm when handling SNI context switch

Wed Oct 15 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-39

- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
  (padding attack on SSL3)