-
Fri Jan 19 2018 Ilya Okomin <ilya.okomin@oracle.com> 3.3.24-1.0.3
- ECDSA KAT included into selftests for FIPS140-2 compliance
-
Tue Jul 12 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.24-1
- Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
- Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
- When writing certificates to smart cards write the CKA_ISSUER and
CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
- Use the shared system certificate store (#1110750)
- Address MD5 transcript collision attacks in TLS key exchange (#1289888,
CVE-2015-7575)
- Allow hashing data over 2^32 bytes (#1306953)
- Ensure written PKCS#11 public keys are not marked as private (#1339453)
- Ensure secure_getenv() is called on all uses of environment variables
(#1344591).
- Fix issues related to PKCS #11 private key listing on certain HSMs
(#1351389)
-
Fri Jun 05 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-13
- Corrected reseed and respect of max_number_of_bits_per_request in
FIPS140-2 mode. Also enhanced the initial tests. (#1228199)
-
Mon Jan 05 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-12
- corrected fix of handshake buffer resets (#1153106)
-
Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-11
- Applied fix for urandom FD in FIPS140 mode (#1165047)
- Applied fix for FIPS140-2 related regression (#1110696)
-
Tue Dec 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-10
- Amended fix for urandom FD to avoid regression in FIPS140 mode (#1165047)
-
Tue Nov 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-9
- Amended fix for FIPS enforcement issue (#1163848)
- Fixed issue with applications that close all file descriptors (#1165047)
-
Thu Nov 13 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-8
- Applied fix for FIPS enforcement issue when only /etc/system-fips
existed (#1163848)
-
Fri Nov 07 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-7
- Applied fix for CVE-2014-8564 (#1161473)
-
Wed Oct 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-6
- when generating test DH keys, enforce the q_bits.