* Thu Jan 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42
- test in the non-FIPS RSA keygen for minimal distance of p and q
  similarly to the FIPS RSA keygen
* Tue Jan 13 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-41
- fix CVE-2014-3570 - incorrect computation in BN_sqr()
- fix CVE-2014-3571 - possible crash in dtls1_get_record()
- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export
  ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
- fix CVE-2015-0206 - possible memory leak when buffering DTLS records
* Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40
- use FIPS approved method for computation of d in RSA
- copy digest algorithm when handling SNI context switch
* Wed Oct 15 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-39
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
  (padding attack on SSL3)
* Wed Sep 24 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-38
- do FIPS algorithm selftest before the integrity check
* Thu Sep 18 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-37
- add support for RFC 5649 (#1119738)
- do not pass the FIPS integrity check if the .hmac files are empty (#1128849)
- add ECC TLS extensions to DTLS (#1119803)
- do not send ECC ciphersuites in SSLv2 client hello (#1090955)
- properly propagate encryption failure in BIO_f_cipher (#1072439)
- fix the CVE-2014-0224 fix that broke EAP-FAST session resumption support
- improve documentation of ciphersuites - patch by Hubert Kario (#1108026)
- use case insensitive comparison for servername in s_server (#1081163)
- add support for automatic ECDH curve selection on server (#1080128)
- FIPS mode: make the limitations on DSA, DH, and RSA keygen
  length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment
  variable is set
* Wed Aug 13 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-36
- add support for ppc64le architecture
- add Power 8 optimizations
* Fri Aug 08 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-35
- fix CVE-2014-3505 - double free in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing server hello
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation
* Tue Jun 03 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-34.3
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
* Tue Apr 08 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-34
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension