#4523: openssl-1.1.1d
--------------------+-----------------------
Reporter: bdubbs | Owner: lfs-book
Type: task | Status: new
Priority: high | Milestone: 9.1
Component: Book | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Changes (by bdubbs):
* priority: normal => high
Comment:
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
- Fixed a fork protection issue (CVE-2019-1549)
  - LFS Note: Base Score: 5.3 MEDIUM; Impact Score: 1.4; Exploitability Score: 3.9
- Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
  - Base Score: 3.7 LOW; Impact Score: 1.4; Exploitability Score: 2.2
- For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters
- Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
  - Base Score: 4.7 MEDIUM; Impact Score: 3.6; Exploitability Score: 1.0
- Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems
- Correct the extended master secret constant on EBCDIC systems
- Use Windows installation paths in the mingw builds (CVE-2019-1552)
  - LFS N/A
- Changed DH_check to accept parameters with order q and 2q subgroups
- Significantly reduce secure memory usage by the randomness pools
- Revert the DEVRANDOM_WAIT feature for Linux systems
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4523#comment:3>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>