[ol7_optional_archive] openssl-static-1:1.0.1e-42.el7_1.9.x86_64

Name:	openssl-static
Epoch:	1
Version:	1.0.1e
Release:	42.el7_1.9
Architecture:	x86_64
Group:	Development/Libraries
Size:	4823490
License:	OpenSSL
RPM:	openssl-static-1.0.1e-42.el7_1.9.x86_64.rpm
Source RPM:	openssl-1.0.1e-42.el7_1.9.src.rpm
Build Date:	Mon Jun 29 2015
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	Libraries for static linking of applications which will use OpenSSL
Description:	OpenSSL is a toolkit for supporting cryptography. The openssl-static package contains static libraries needed for static linking of applications which support various cryptographic algorithms and protocols.

Changelog (Show File list) (Show related packages)

Tue Jun 23 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.9

- fix the CVE-2015-1791 fix (broken server side renegotiation)

Thu Jun 11 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.8

- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable

Tue Jun 09 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.7

- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on
  read in multithreaded applications

Mon May 25 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.6

- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
  the DH key size to at least 768 bits (limit will be increased in future)

Thu Mar 26 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.5

- drop the AES-GCM restriction of 2^32 operations because the IV is
  always 96 bits (32 bit fixed field + 64 bit invocation field)

Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.4

- update fix for CVE-2015-0287 to what was released upstream

Wed Mar 18 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.3

- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.2
```
- fix broken error detection when unwrapping unpadded key
```

Mon Mar 02 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42.1

- fix the RFC 5649 for key material that does not need padding

Thu Jan 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42

- test in the non-FIPS RSA keygen for minimal distance of p and q
  similarly to the FIPS RSA keygen