--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11779
2009-11-20 04:24:44
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 12
Version     : 1.0.0
Release     : 0.13.beta4.fc12
URL         : http://www.openssl.org/
Summary     : A general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Update to a current beta version. The update also contains changes for
CVE-2009-3555; however, it does not prevent the unsafe renegotiation for
servers which use SSL_OP_ALL. The majority of applications do this.
Preventing the unsafe renegotiation by default might break some protocols
which depend on working renegotiation.

The update also disables enforcement of the new safe renegotiation extension
on the client, as the extension is not yet supported by the deployed servers.
It still might break applications which need legacy renegotiation to work,
but they should use the SSL_OP_ALL option to allow this.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 18 2009 Tomas Mraz <[email protected]> 1.0.0-0.13.beta4
- disable enforcement of the renegotiation extension on the client (#537962)
- add fixes from the current upstream snapshot
* Fri Nov 13 2009 Tomas Mraz <[email protected]> 1.0.0-0.12.beta4
- keep the beta status in version number at 3 so we do not have to rebuild
  openssh and possibly other dependencies with too strict version check
* Thu Nov 12 2009 Tomas Mraz <[email protected]> 1.0.0-0.11.beta4
- update to new upstream version, no soname bump needed
- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used
  so the compatibility with unfixed clients is not broken. The
  protocol extension is also not final.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #537962 - alpine: ssl/tls negotiation has failed
        https://bugzilla.redhat.com/show_bug.cgi?id=537962
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
