Accepting request 882114 from home:jsikes:branches:security:tls
Update to 1.1.1k with CVE fixes. Enjoy!
OBS-URL: https://build.opensuse.org/request/show/882114
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=90
This commit is contained in:
parent
2a418dd2f6
commit
abf147163e
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 25 23:51:47 UTC 2021 - Jason Sikes <jsikes@suse.com>
|
||||
|
||||
- Update to 1.1.1k
|
||||
* Fixed a problem with verifying a certificate chain when using
|
||||
the X509_V_FLAG_X509_STRICT flag. This flag enables additional
|
||||
security checks of the certificates present in a certificate
|
||||
chain. It is not set by default. ([CVE-2021-3450])
|
||||
|
||||
* Fixed an issue where an OpenSSL TLS server may crash if sent a
|
||||
maliciously crafted renegotiation ClientHello message from a
|
||||
client. If a TLSv1.2 renegotiation ClientHello omits the
|
||||
signature_algorithms extension (where it was present in the
|
||||
initial ClientHello), but includes a signature_algorithms_cert
|
||||
extension then a NULL pointer dereference will result, leading
|
||||
to a crash and a denial of service attack.
|
||||
|
||||
A server is only vulnerable if it has TLSv1.2 and renegotiation
|
||||
enabled (which is the default configuration). OpenSSL TLS
|
||||
clients are not impacted by this issue. ([CVE-2021-3449])
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 2 19:40:25 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
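Review bot: The CVE-2021-3450 entry only says "Fixed a problem with verifying a certificate chain" and never states what goes wrong when X509_V_FLAG_X509_STRICT is set, so a reader of the changelog cannot tell whether the flaw weakens verification or merely breaks it. The CVE-2021-3449 entry below it names the trigger, the effect (NULL pointer dereference, crash, denial of service) and the affected configuration; the first entry should carry one sentence of the same kind describing the consequence and who is exposed, given that the flag "is not set by default". As a smaller style point, the references are written as "([CVE-2021-3450])" and "([CVE-2021-3449])"; the square brackets have no link target in a plain-text changelog, so "(CVE-2021-3450)" would read cleaner and is easier to grep for.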