Name: | openssl-devel |
---|---|
Epoch: | 1 |
Version: | 1.1.1k |
Release: | 9.el8_7 |
Architecture: | aarch64 |
Group: | Unspecified |
Size: | 3547164 |
License: | OpenSSL and ASL 2.0 |
RPM: | openssl-devel-1.1.1k-9.el8_7.aarch64.rpm |
Source RPM: | openssl-1.1.1k-9.el8_7.src.rpm |
Build Date: | Wed Mar 22 2023 |
Build Host: | build-ol8-aarch64.oracle.com |
Vendor: | Oracle America |
URL: | http://www.openssl.org/ |
Summary: | Files for development of applications which will use OpenSSL |
Description: | OpenSSL is a toolkit for supporting cryptography. The openssl-devel package contains include files needed to develop applications which support various cryptographic algorithms and protocols. |
- Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286
- Fix no-ec build Resolves: rhbz#2071020
- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2092462 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090372 - Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098279
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Resolves: rhbz#2067146
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#2005402
- Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted, it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already known - https://trac.nginx.org/nginx/ticket/2071#comment:1 As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx could early callback instead of servername callback. - Resolves: rhbz#1978214 - Related: rhbz#1934534
- Cleansup the peer point formats on renegotiation - Resolves rhbz#1965362
- Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085 - Using safe primes for FIPS DH self-test
- Update to version 1.1.1k
- Use AI_ADDRCONFIG only when explicit host name is given - Allow only curves defined in RFC 8446 in TLS 1.3