[ol8_u10_baseos_base] openssl-perl-1:1.1.1k-12.el8_9.x86_64

Name:	openssl-perl
Epoch:	1
Version:	1.1.1k
Release:	12.el8_9
Architecture:	x86_64
Group:	Unspecified
Size:	29624
License:	OpenSSL and ASL 2.0
RPM:	openssl-perl-1.1.1k-12.el8_9.x86_64.rpm
Source RPM:	openssl-1.1.1k-12.el8_9.src.rpm
Build Date:	Mon Dec 18 2023
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssl.org/
Summary:	Perl scripts provided with OpenSSL
Description:	OpenSSL is a toolkit for supporting cryptography. The openssl-perl package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit.

Changelog (Show File list) (Show related packages)

Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12

- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
  (a proper fix for CVE-2020-25659)
  Resolves: RHEL-17696

Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11

- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
  excessively long X9.42 DH keys or parameters may be very slow
  Resolves: RHEL-16538

Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10

- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
  Resolves: RHEL-14245
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
  Resolves: RHEL-14239

Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9

- Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
- Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286

Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
```
- Fix no-ec build
  Resolves: rhbz#2071020
```

Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7

- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
- Update expired certificates used in the testsuite
  Resolves: rhbz#2092462
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
  Resolves: rhbz#2090372
- Fix CVE-2022-2068: the c_rehash script allows command injection
  Resolves: rhbz#2098279

Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6

- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- Resolves: rhbz#2067146

Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5

- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
- Resolves: rhbz#2005402

Fri Jul 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-4

- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
  as it introduces a regression if server has a DSA key pair, the handshake fails
  when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
  it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature
  will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
  known - https://trac.nginx.org/nginx/ticket/2071#comment:1
  As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
  could early callback instead of servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534

Thu Jun 24 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-3

- Cleansup the peer point formats on renegotiation
- Resolves rhbz#1965362