[ol7_optional_latest] openssl-perl-1:1.0.1e-60.el7.aarch64

Name:	openssl-perl
Epoch:	1
Version:	1.0.1e
Release:	60.el7
Architecture:	aarch64
Group:	Applications/Internet
Size:	20265
License:	OpenSSL
RPM:	openssl-perl-1.0.1e-60.el7.aarch64.rpm
Source RPM:	openssl-1.0.1e-60.el7.src.rpm
Build Date:	Fri May 04 2018
Build Host:	ca-buildarm01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	Perl scripts provided with OpenSSL
Description:	OpenSSL is a toolkit for supporting cryptography. The openssl-perl package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit.

Changelog (Show File list) (Show related packages)

Thu Sep 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-60

- fix CVE-2016-2177 - possible integer overflow
- fix CVE-2016-2178 - non-constant time DSA operations
- fix CVE-2016-2179 - further DoS issues in DTLS
- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()
- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-6306 - certificate message OOB reads
- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to
  112 bit effective strength

Tue Jun 21 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-58
```
- replace expired testing certificates
```

Fri Apr 29 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-57

- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO

Thu Apr 07 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-56

- fix 1-byte memory leak in pkcs12 parse (#1312112)
- document some options of the speed command (#1312110)
- fix high-precision timestamps in timestamping authority
- enable SCTP support in DTLS 
- use correct digest when exporting keying material in TLS1.2 (#1289620)
- fix CVE-2016-0799 - memory issues in BIO_printf
- add support for setting Kerberos service and keytab in
  s_server and s_client

Wed Feb 24 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-55

- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

Tue Feb 16 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-54

- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method

Mon Dec 21 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-53
```
- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2
```

Fri Dec 04 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-52

- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint

Tue Jun 23 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51

- fix the CVE-2015-1791 fix (broken server side renegotiation)

Thu Jun 11 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-50

- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable