[ol8_developer_EPEL] openssl3-libs-3.0.7-5.el8.1.x86_64

OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

• Thu Feb 09 2023 Michel Alexandre Salim <salimma@fedoraproject.org> 3.0.7-5.1

  - Merge c9s openssl changes to pick up CVE fixes
  - Back out f2a49ef424f831aac988356fc8b2b910e443dc42 as that caused test failures

• Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-5

  - Fixed X.509 Name Constraints Read Buffer Overflow
    Resolves: CVE-2022-4203
  - Fixed Timing Oracle in RSA Decryption
    Resolves: CVE-2022-4304
  - Fixed Double free after calling PEM_read_bio_ex
    Resolves: CVE-2022-4450
  - Fixed Use-after-free following BIO_new_NDEF
    Resolves: CVE-2023-0215
  - Fixed Invalid pointer dereference in d2i_PKCS7 functions
    Resolves: CVE-2023-0216
  - Fixed NULL dereference validating DSA public key
    Resolves: CVE-2023-0217
  - Fixed X.400 address type confusion in X.509 GeneralName
    Resolves: CVE-2023-0286
  - Fixed NULL dereference during PKCS7 data verification
    Resolves: CVE-2023-0401

• Wed Jan 11 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-4

  - Disallow SHAKE in RSA-OAEP decryption in FIPS mode
    Resolves: rhbz#2142121

• Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-3

  - Refactor OpenSSL fips module MAC verification
    Resolves: rhbz#2157965

• Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2

  - Various provider-related imrovements necessary for PKCS#11 provider correct operations
    Resolves: rhbz#2142517
  - We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
    Resolves: rhbz#2133809
  - Removed recommended package for openssl-libs
    Resolves: rhbz#2093804
  - Adjusting include for the FIPS_mode macro
    Resolves: rhbz#2083879
  - Backport of ppc64le Montgomery multiply enhancement
    Resolves: rhbz#2130708
  - Fix explicit indicator for PSS salt length in FIPS mode when used with
    negative magic values
    Resolves: rhbz#2142087
  - Update change to default PSS salt length with patch state from upstream 
    Related: rhbz#2142087

• Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1

  - Rebasing to OpenSSL 3.0.7
    Resolves: rhbz#2129063

• Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44

  - SHAKE-128/256 are not allowed with RSA in FIPS mode
    Resolves: rhbz#2144010
  - Avoid memory leaks in TLS
    Resolves: rhbz#2144008
  - FIPS RSA CRT tests must use correct parameters
    Resolves: rhbz#2144006
  - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
    Resolves: rhbz#2144017
  - Remove support for X9.31 signature padding in FIPS mode
    Resolves: rhbz#2144015
  - Add explicit indicator for SP 800-108 KDFs with short key lengths
    Resolves: rhbz#2144019
  - Add explicit indicator for HMAC with short key lengths
    Resolves: rhbz#2144000
  - Set minimum password length for PBKDF2 in FIPS mode
    Resolves: rhbz#2144003
  - Add explicit indicator for PSS salt length in FIPS mode
    Resolves: rhbz#2144012
  - Clamp default PSS salt length to digest size for FIPS 186-4 compliance
    Related: rhbz#2144012
  - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
    Resolves: rhbz#2145170

• Tue Nov 01 2022 Michel Alexandre Salim <salimma@fedoraproject.org> 3.0.1-43.1

  - Merge c9s openssl changes to pick up CVE fixes

• Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43

  - CVE-2022-3602: X.509 Email Address Buffer Overflow
  - CVE-2022-3786: X.509 Email Address Buffer Overflow
    Resolves: CVE-2022-3602

• Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42

  - CVE-2022-3602: X.509 Email Address Buffer Overflow
    Resolves: CVE-2022-3602 (rhbz#2137723)