-
Thu Mar 17 2022 John Mcwalters <john.mcwalters@oracle.com> - 1:1.1.1k-5.0.1
- fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt() [Orabug: 33974871]
-
Fri Nov 12 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
- CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
- Resolves: rhbz#2005400
-
Fri Jul 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-4
- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
as it introduces a regression if server has a DSA key pair, the handshake fails
when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature
will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
known - https://trac.nginx.org/nginx/ticket/2071#comment:1
As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
could early callback instead of servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534
-
Thu Jun 24 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-3
- Cleansup the peer point formats on renegotiation
- Resolves rhbz#1965362
-
Wed Jun 23 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-2
- Fixes FIPS_selftest to work in FIPS mode. Resolves: rhbz#1940085
- Using safe primes for FIPS DH self-test
-
Mon May 24 2021 Sahana Prasad <sahana@redhat.com> 1.1.1k-1
- Update to version 1.1.1k
-
Mon Apr 26 2021 Daiki Ueno <dueno@redhat.com> 1.1.1g-16
- Use AI_ADDRCONFIG only when explicit host name is given
- Allow only curves defined in RFC 8446 in TLS 1.3
-
Fri Apr 16 2021 Dmitry Belyavski <dbelyavs@redhat.com> 1.1.1g-15
- Remove 2-key 3DES test from FIPS_selftest
-
Mon Mar 29 2021 Sahana Prasad <sahana@redhat.com> 1.1.1g-14
- Fix CVE-2021-3450 openssl: CA certificate check bypass with
X509_V_FLAG_X509_STRICT
- Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing
-
Fri Dec 04 2020 Sahana Prasad <sahana@redhat.com> 1.1.1g-13
- Fix CVE-2020-1971 ediparty null pointer dereference