[ALSA-2020:5476] Important: openssl security and bug fix update
Type:
security
Severity:
important
Release date:
2020-12-15
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Reject certificates with explicit EC parameters in strict mode (BZ#1891541) * Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)
References:
Updated packages:
  • openssl-1.1.1g-12.el8_3.x86_64.rpm
  • openssl-devel-1.1.1g-12.el8_3.i686.rpm
  • openssl-devel-1.1.1g-12.el8_3.x86_64.rpm
  • openssl-libs-1.1.1g-12.el8_3.i686.rpm
  • openssl-libs-1.1.1g-12.el8_3.x86_64.rpm
  • openssl-perl-1.1.1g-12.el8_3.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.