[ol8_u10_baseos_base] openssl-libs-1:1.1.1k-12.el8_9.x86_64

Name:	openssl-libs
Epoch:	1
Version:	1.1.1k
Release:	12.el8_9
Architecture:	x86_64
Group:	Unspecified
Size:	3773978
License:	OpenSSL and ASL 2.0
RPM:	openssl-libs-1.1.1k-12.el8_9.x86_64.rpm
Source RPM:	openssl-1.1.1k-12.el8_9.src.rpm
Build Date:	Mon Dec 18 2023
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	A general purpose cryptography library with TLS implementation
Description:	OpenSSL is a toolkit for supporting cryptography. The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12

- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
  (a proper fix for CVE-2020-25659)
  Resolves: RHEL-17696

Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11

- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
  excessively long X9.42 DH keys or parameters may be very slow
  Resolves: RHEL-16538

Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10

- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
  Resolves: RHEL-14245
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
  Resolves: RHEL-14239

Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9

- Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
- Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286

Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
```
- Fix no-ec build
  Resolves: rhbz#2071020
```

Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7

- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
- Update expired certificates used in the testsuite
  Resolves: rhbz#2092462
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
  Resolves: rhbz#2090372
- Fix CVE-2022-2068: the c_rehash script allows command injection
  Resolves: rhbz#2098279

Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6

- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- Resolves: rhbz#2067146

Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5

- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
- Resolves: rhbz#2005402

Fri Jul 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-4

- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
  as it introduces a regression if server has a DSA key pair, the handshake fails
  when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
  it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature
  will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
  known - https://trac.nginx.org/nginx/ticket/2071#comment:1
  As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
  could early callback instead of servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534

Thu Jun 24 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-3

- Cleansup the peer point formats on renegotiation
- Resolves rhbz#1965362