-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-1255 2011-02-10 20:46:01 --------------------------------------------------------------------------------
Name : openssl Product : Fedora 13 Version : 1.0.0d Release : 1.fc13 URL : http://www.openssl.org/ Summary : A general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. -------------------------------------------------------------------------------- Update Information: This is update to a new upstream release that fixes CVE-2011-0014 - OCSP stapling vulnerability. There are also changes updating the FIPS validation related code that should not affect in any way operation of the OpenSSL library in the non-FIPS mode. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 10 2011 Tomas Mraz <[email protected]> 1.0.0d-1 - new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability) * Tue Feb 8 2011 Fedora Release Engineering <[email protected]> - 1.0.0c-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Fri Feb 4 2011 Tomas Mraz <[email protected]> 1.0.0c-3 - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode * Mon Jan 24 2011 Tomas Mraz <[email protected]> 1.0.0c-2 - listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612) - fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers * Fri Dec 3 2010 Tomas Mraz <[email protected]> 1.0.0c-1 - new upstream version fixing CVE-2010-4180 * Tue Nov 23 2010 Tomas Mraz <[email protected]> 1.0.0b-3 - replace the revert for the s390x bignum asm routines with fix from upstream * Mon Nov 22 2010 Tomas Mraz <[email protected]> 1.0.0b-2 - revert upstream change in s390x bignum asm routines * Tue Nov 16 2010 Tomas Mraz <[email protected]> 1.0.0b-1 - new upstream version fixing CVE-2010-3864 (#649304) * Tue Sep 7 2010 Tomas Mraz <[email protected]> 1.0.0a-3 - make SHLIB_VERSION reflect the library suffix * Wed Jun 30 2010 Tomas Mraz <[email protected]> 1.0.0a-2 - openssl man page fix (#609484) * Fri Jun 4 2010 Tomas Mraz <[email protected]> 1.0.0a-1 - new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732) * Wed May 19 2010 Tomas Mraz <[email protected]> 1.0.0-5 - pkgconfig files now contain the correct libdir (#593723) * Tue May 18 2010 Tomas Mraz <[email protected]> 1.0.0-4 - make CA dir readable - the private keys are in private subdir (#584810) * Fri Apr 9 2010 Tomas Mraz <[email protected]> 1.0.0-3 - a few fixes from upstream CVS - move libcrypto to /lib (#559953) * Tue Apr 6 2010 Tomas Mraz <[email protected]> 1.0.0-2 - set UTC timezone on pod2man run (#578842) - make X509_NAME_hash_old work in FIPS mode -------------------------------------------------------------------------------- References: [ 1 ] Bug #676063 - CVE-2011-0014 openssl: OCSP stapling vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=676063 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openssl' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
