stable

openssl11-1.1.1k-1.el7

FEDORA-EPEL-2021-39d32447db created by robert a year ago for Fedora EPEL 7
  • backport from 1.1.1k-4: Fixes bugs in s390x AES code
  • backport from 1.1.1k-4: Uses the first detected address family if IPv6 is not available
  • backport from 1.1.1k-4: Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted, it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already known - https://trac.nginx.org/nginx/ticket/2071#comment:1 and as per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx could early callback instead of servername callback. Resolves: #197821, related: #1934534
  • backport from 1.1.1k-3: Cleansup the peer point formats on renegotiation. Resolves #1965362
  • backport from 1.1.1k-2: Fixes FIPS_selftest to work in FIPS mode. Resolves: #1940085
  • backport from 1.1.1k-2: Using safe primes for FIPS DH self-test
  • backport from 1.1.1k-1: Update to version 1.1.1k
  • backport from 1.1.1g-16: Use AI_ADDRCONFIG only when explicit host name is given
  • backport from 1.1.1g-16: Allow only curves defined in RFC 8446 in TLS 1.3

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by robert.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Builds
1
openssl11-1.1.1k-1.el7
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#1908036 openssl listens on IPv4 "any" socket only not on IPv6
0
0
BZ#1930310 CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
0
0
BZ#1930315 CVE-2021-23841 openssl11: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() [epel-7]
0
0
BZ#1930324 CVE-2021-23840 openssl: integer overflow in CipherUpdate
0
0
BZ#1930326 CVE-2021-23840 openssl11: openssl: integer overflow in CipherUpdate [epel-7]
0
0
BZ#1934534 Rebase OpenSSL to 1.1.1k
0
0
BZ#1939637 Openssl -dtls option breaks in FIPS mode[rhel8]
0
0
BZ#1940085 FIPS_selftest() fails in FIPS mode.
0
0
BZ#1965362 In renegotiated handshake openssl sends extensions which client didn't advertise in second ClientHello [rhel-8]
0
0
openssl11-1.1.1k-1.el7

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.2.1^202309080750gitab9cc47 on bodhi-web-111-vskbv.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy