| openssl-0.9.8e-42.el5_11.src
[3.4 MiB] |
Changelog
by Kai Engert (2017-04-29):
- Rebase ca-bundle.crt to the upstream version 2.14 with legacy
modifications. For compatibility reasons, several CA certificates with
RSA sizes of 1024 bits are still included.
|
| openssl-0.9.8e-40.el5_11.src
[3.4 MiB] |
Changelog
by Tomas Mraz (2016-05-18):
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
|
| openssl-0.9.8e-39.el5_11.src
[3.4 MiB] |
Changelog
by Tomas Mraz (2016-02-25):
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn
|
| openssl-0.9.8e-37.el5_11.src
[3.4 MiB] |
Changelog
by Tomas Mraz (2015-12-04):
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
|
| openssl-0.9.8e-36.el5_11.src
[3.4 MiB] |
Changelog
by Tomas Mraz (2015-06-26):
- also change the default DH parameters in s_server to 1024 bits
|
| openssl-0.9.8e-34.el5_11.src
[3.4 MiB] |
Changelog
by Kai Engert (2015-04-28):
- Rebase ca-bundle.crt to the upstream version 2.4 with legacy
modifications. For compatibility reasons, several CA certificates with
RSA sizes of 1024 bits are still included.
- Add a patch to the source RPM that documents the changes from the
upstream version.
|
| openssl-0.9.8e-33.el5_11.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2015-04-03):
- fix CVE-2014-8275 (without introduction of CVE-2015-0286) - various
certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export
ciphersuites and on server
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
|
| openssl-0.9.8e-32.el5_11.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2014-12-17):
- properly lock X509_STORE accesses (#1168938)
|
| openssl-0.9.8e-31.el5_11.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2014-10-16):
- add support for fallback SCSV to partially mitigate CVE-2014-3566
(padding attack on SSL3)
|
| openssl-0.9.8e-27.el5_10.4.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2014-08-09):
- fix CVE-2014-0221 - recursion in DTLS code leading to DoS
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
|
| openssl-0.9.8e-27.el5_10.3.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2014-06-04):
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
|
| openssl-0.9.8e-27.el5_10.1.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2014-01-28):
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
|
| openssl-0.9.8e-26.el5_9.1.src
[3.2 MiB] |
Changelog
by Tomas Mraz (2013-02-25):
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB
environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv() everywhere instead of getenv() (#839735)
|
| openssl-0.9.8e-22.el5_8.4.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2012-05-16):
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
|
| openssl-0.9.8e-22.el5_8.3.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2012-04-24):
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
|
| openssl-0.9.8e-22.el5_8.1.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2012-03-19):
- fix problem with the SGC restart patch that might terminate handshake
incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
|
| openssl-0.9.8e-22.el5.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2012-01-18):
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery
vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
|
| openssl-0.9.8e-20.el5_7.1.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2012-01-18):
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery
vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
|
| openssl-0.9.8e-20.el5.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2011-05-05):
- add missing DH_check_pub_key() call when DH key is computed (#698175)
|
| openssl-0.9.8e-12.el5_5.7.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2010-12-07):
- fix CVE-2010-4180 - completely disable code for
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
|
| openssl-0.9.8e-12.el5_4.6.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2010-03-12):
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
|
| openssl-0.9.8e-12.el5_4.1.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2010-01-14):
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
is called prematurely by application (#546707)
|
| openssl-0.9.8e-12.el5.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2009-06-30):
- abort if selftests failed and random number generator is polled
- mention EVP_aes and EVP_sha2xx routines in the manpages
- add README.FIPS
|
| openssl-0.9.8e-7.el5.src
[3.1 MiB] |
Changelog
by Tomas Mraz (2008-12-16):
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
|
| openssl-0.9.8b-10.el5_2.1.src
[2.7 MiB] |
Changelog
by Tomas Mraz (2008-12-16):
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
|