stable
FEDORA-EPEL-2021-39d32447db created by robert 10 months ago for Fedora EPEL 7
  • backport from 1.1.1k-4: Fixes bugs in s390x AES code
  • backport from 1.1.1k-4: Uses the first detected address family if IPv6 is not available
  • backport from 1.1.1k-4: Reverts the changes in https://github.com/openssl/openssl/pull/13305 because they introduce a regression: if the server has a DSA key pair, the handshake fails when the protocol is not explicitly set to TLS 1.2. However, reverting the patch affects the "ssl_reject_handshake" feature in nginx: the feature continues to work, but the TLS 1.3 protocol becomes unavailable/disabled. This is already known (https://trac.nginx.org/nginx/ticket/2071#comment:1), and as per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx could use the early callback instead of the servername callback. Resolves: #197821, related: #1934534
  • backport from 1.1.1k-3: Cleans up the peer point formats on renegotiation. Resolves #1965362
  • backport from 1.1.1k-2: Fixes FIPS_selftest to work in FIPS mode. Resolves: #1940085
  • backport from 1.1.1k-2: Using safe primes for FIPS DH self-test
  • backport from 1.1.1k-1: Update to version 1.1.1k
  • backport from 1.1.1g-16: Use AI_ADDRCONFIG only when explicit host name is given
  • backport from 1.1.1g-16: Allow only curves defined in RFC 8446 in TLS 1.3

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by robert.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update's test gating status has been changed to 'waiting'.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update has been pushed to testing.

10 months ago

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days
Dates
submitted: 10 months ago
in testing: 10 months ago
in stable: 10 months ago
BZ#1908036 openssl listens on IPv4 "any" socket only not on IPv6
BZ#1930310 CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
BZ#1930315 CVE-2021-23841 openssl11: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() [epel-7]
BZ#1930324 CVE-2021-23840 openssl: integer overflow in CipherUpdate
BZ#1930326 CVE-2021-23840 openssl11: openssl: integer overflow in CipherUpdate [epel-7]
BZ#1934534 Rebase OpenSSL to 1.1.1k
BZ#1939637 Openssl -dtls option breaks in FIPS mode[rhel8]
BZ#1940085 FIPS_selftest() fails in FIPS mode.
BZ#1965362 In renegotiated handshake openssl sends extensions which client didn't advertise in second ClientHello [rhel-8]
