-
Fri Oct 22 2021 John McWalters <john.mcwalters@oracle.com> 1.0.2k-22_fips
- Change Epoch from 1 to 10
- Fix DH self-test to add shared secret comparison [Orabug: 32467026]
- Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059]
- Add TLS KDF self-test [Orabug: 32467193]
- Add EC keys pairwise consistency test [Orabug: 32467059]
-
Wed Sep 01 2021 Sahana Prasad <sahana@redhat.com> 1.0.2k-22
- fix CVE-2021-23841 openssl: NULL pointer dereference
in X509_issuer_and_serial_hash()
- fix CVE-2021-23840 openssl: integer overflow in CipherUpdate
- Resolves: rhbz#1932132, rhbz#1932126
-
Fri Dec 04 2020 Sahana Prasad <sahana@redhat.com> 1.0.2k-21
- remove ASN1_F_ASN1_ITEM_EMBED_D2I from openssl-1.0.2k-cve-2020-1971.patch
-
Fri Dec 04 2020 Sahana Prasad <sahana@redhat.com> 1.0.2k-20
- fix CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference
-
Tue Apr 09 2019 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-19
- close the RSA decryption 9 lives of Bleichenbacher cat
timing side channel (#1649568)
-
Fri Apr 05 2019 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-18
- fix CVE-2018-0734 - DSA signature local timing side channel
- fix CVE-2019-1559 - 0-byte record padding oracle
- close the RSA decryption One & done EM side channel (#1619558)
-
Wed Feb 06 2019 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-17
- use SHA-256 in FIPS RSA pairwise key check
- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local
timing side-channel key extraction
-
Tue Aug 14 2018 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-16
- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA
- fix incorrect error message on FIPS DSA parameter generation (#1603597)
-
Tue Jun 19 2018 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-14
- ppc64le is not multilib architecture (#1585004)
-
Mon Jun 18 2018 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-13
- add S390x assembler updates
- make CA name list comparison function case sensitive (#1548401)
- fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily
- fix CVE-2018-0732 - large prime DH DoS of TLS client
- fix CVE-2018-0737 - RSA key generation cache timing vulnerability
- fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure