{"reporter": "f5", "published": "2013-03-07T00:00:00", "cvelist": ["CVE-2013-0166"], "title": "SOL14261 - OpenSSL OCSP vulnerability CVE-2013-0166", "objectVersion": "1.2", "type": "f5", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/200/sol14261.html", "bulletinFamily": "software", "hashmap": [{"hash": "09c61d9ea3e7076bec0cb1c62150be4d", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "4c35b85f328064c1784ddfa47fc954aa", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "36eeb88ca764539edf9ed5bd4e6587ca", "key": "description"}, {"hash": "ce0657de20c928bd18fb112075fa79b6", "key": "href"}, {"hash": "e44c2d81e751278fed20fb31e0821a9e", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "572ccbf3fbf46d58be97345edc57514f", "key": "published"}, {"hash": "99beb02b2439a3eab5ae5fe959cb212b", "key": "references"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "reporter"}, {"hash": "515711f9e455df35db440561aafef75e", "key": "title"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "history": [], "enchantments": {"vulnersScore": 5.0}, "modified": "2014-04-03T00:00:00", "hash": "c1a85b3a1cacad1ba1e417ceac7c2aa1d26e9c10ea8aaf5d64f3fa6135d64e74", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "viewCount": 1, "lastseen": "2016-09-26T17:23:18", "edition": 1, "description": "Recommended action\n\nTo eliminate this vulnerability, upgrade to a version that is listed in the **Versions known to be not vulnerable** column in the previous table.\n\nSupplemental Information\n\n * [Common Vulnerabilities and Exposures (CVE-2013-0166)](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>) \n\n\n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL6845: Managing BIG-IP product hotfixes (9.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "references": ["https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10322.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/6000/600/sol6664.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/6000/800/sol6845.html", "https://support.f5.comhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3430.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "id": "SOL14261", "affectedSoftware": [{"operator": "le", "name": "BIG-IP PSM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP PSM", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP AFM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP Link Controller", "version": "9.4.8"}, {"operator": "le", "name": "BIG-IP WebAccelerator", "version": "9.4.8"}, {"operator": "le", "name": "BIG-IP APM", "version": "10.2.4"}, {"operator": "le", "name": "FirePass", "version": "6.1.0"}, {"operator": "le", "name": "BIG-IP WebAccelerator", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP Edge Gateway\n", "version": "11.3.0"}, {"operator": "le", "name": "FirePass", "version": "7.0.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP ASM", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP WebAccelerator", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP ASM", "version": "9.4.8"}, {"operator": "le", "name": "BIG-IP Link Controller", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP WOM", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP APM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP WOM", "version": "11.3.0"}, {"operator": "le", "name": "ARX", "version": "6.4.0"}, {"operator": "le", "name": "BIG-IP Link Controller", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "9.6.1"}, {"operator": "le", "name": "BIG-IP Edge Gateway\n", "version": "10.2.4"}, {"operator": "le", "name": "BIG-IP Analytics", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP PSM", "version": "9.4.8"}, {"operator": "le", "name": "ARX", "version": "5.3.1"}, {"operator": "le", "name": "BIG-IP PEM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP ASM", "version": "11.3.0"}]}

{"result": {"cve": [{"id": "CVE-2013-0166", "type": "cve", "title": "CVE-2013-0166", "description": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.", "published": "2013-02-08T14:55:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166", "cvelist": ["CVE-2013-0166"], "lastseen": "2017-09-19T13:38:33"}], "f5": [{"id": "F5:K14261", "type": "f5", "title": "OpenSSL OCSP vulnerability CVE-2013-0166", "description": "\nF5 Product Development has assigned ID 410850, ID 410734, ID 407706 (BIG-IP), ID 410613, ID 411980 (FirePass), and ID 410742 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/services/customer-support/ihealth/>) may list Heuristic H413586 on the **Diagnostics **&gt; **Identified **&gt; **High **screen.\n\nTo find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table: \n\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n9.0.0 - 9.6.1 \n \n| 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 \n| OCSP profiles \n \nBIG-IP AAM | None | 11.4.0 | None \nBIG-IP AFM | 11.3.0 | 11.4.0 \n11.3.0 HF2 \n| OCSP profiles \nBIG-IP Analytics | 11.0.0 - 11.3.0 | 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n| OCSP profiles \nBIG-IP APM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 | OCSP profiles \nBIG-IP ASM | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n9.2.0 - 9.4.8 | 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 | OCSP profiles \nBIG-IP Edge Gateway \n| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n| OCSP profiles \nBIG-IP GTM | None | 11.0.0 - 11.4.0 \n10.0.0 - 10.2.4 \n9.2.2 - 9.4.8 | None \nBIG-IP Link Controller | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n9.2.2 - 9.4.8 \n| 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 | OCSP profiles \nBIG-IP PEM | 11.3.0 \n| 11.4.0 \n11.3.0 HF2 \n| OCSP profiles \nBIG-IP PSM | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n9.4.5 - 9.4.8 | 11.4.0 \n11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 | OCSP profiles \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 \n9.4.0 - 9.4.8 | 11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 | OCSP profiles \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | 11.3.0 HF2 \n11.2.1 HF4 \n11.2.0 HF4 \n11.1.0 HF6 \n11.0.0 HF5 \n10.2.4 HF6 | OCSP profiles \nARX | 6.0.0 - 6.4.0 \n5.0.0 - 5.3.1 | None | ARX GUI \n \nEnterprise Manager | None | 1.6.0 - 1.8.0 \n2.0.0 - 2.3.0 \n3.0.0 - 3.1.1 | None \nFirePass | 7.0.0 \n6.0.0 - 6.1.0 | 7.0.0 HF-70-9 \n6.1.0 HF-610-11 | Administrative interface \nWebServices \n\n\nTo eliminate this vulnerability, upgrade to a version that is listed in the **Versions known to be not vulnerable** column in the previous table.\n\n * [Common Vulnerabilities and Exposures (CVE-2013-0166)](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166>) \n\n\n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K6845: Managing BIG-IP product hotfixes (9.x)](<https://support.f5.com/csp/article/K6845>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n * [K3430: Installing FirePass hotfixes](<https://support.f5.com/csp/article/K3430>)\n * [K6664: Obtaining and installing OPSWAT hotfixes](<https://support.f5.com/csp/article/K6664>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "published": "2013-03-08T03:02:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K14261", "cvelist": ["CVE-2013-0166"], "lastseen": "2017-06-08T00:16:35"}], "openssl": [{"id": "OPENSSL:CVE-2013-0166", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2013-0166)", "description": "A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. Reported by Stephen Henson.", "published": "2013-02-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.openssl.org/news/vulnerabilities.html", "cvelist": ["CVE-2013-0166"], "lastseen": "2016-09-26T17:22:34"}], "nessus": [{"id": "F5_BIGIP_SOL14261.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL OCSP vulnerability (SOL14261)", "description": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do not properly perform signature verification for Online Certificate Status Protocol (OCSP) responses, which allow remote attackers to cause a denial-of-service (DoS) (NULL pointer dereference and application crash) by way of an invalid key.", "published": "2014-10-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78145", "cvelist": ["CVE-2013-0166"], "lastseen": "2017-10-29T13:44:13"}, {"id": "OPENSSL_0_9_8Y.NASL", "type": "nessus", "title": "OpenSSL < 0.9.8y Multiple Vulnerabilities", "description": "According to its banner, the remote web server is running a version of OpenSSL prior to 0.9.8y. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :\n\n - An error exists related to the handling of OCSP response verification that could allow denial of service attacks.\n (CVE-2013-0166)\n\n - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)", "published": "2013-02-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64532", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:39:56"}, {"id": "JUNIPER_JSA10575.NASL", "type": "nessus", "title": "Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575)", "description": "According to its self-reported version number, the remote Junos device is using an outdated version of OpenSSL, which has multiple vulnerabilities including (but not limited to) :\n\n - An error exists related to the handling of OCSP response verification that could allow denial of service attacks.\n (CVE-2013-0166)\n\n - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)", "published": "2013-07-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68908", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:43:01"}, {"id": "DEBIAN_DSA-2621.NASL", "type": "nessus", "title": "Debian DSA-2621-1 : openssl - several vulnerabilities", "description": "Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key.\n\n - CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the 'Lucky Thirteen' issue.", "published": "2013-02-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64623", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:38:30"}, {"id": "OPENSSL_1_0_0K.NASL", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities", "description": "According to its banner, the remote web server is running a version of OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :\n\n - An error exists related to the handling of OCSP response verification that could allow denial of service attacks.\n (CVE-2013-0166)\n\n - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)", "published": "2013-02-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64533", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:41:11"}, {"id": "SOLARIS11_OPENSSL_20130716.NASL", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.\n (CVE-2013-0166)\n\n - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the 'Lucky Thirteen' issue. (CVE-2013-0169)", "published": "2015-01-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80719", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:36:12"}, {"id": "FEDORA_2013-2834.NASL", "type": "nessus", "title": "Fedora 18 : openssl-1.0.1e-3.fc18 (2013-2834)", "description": "Multiple security and bug fixes update from upstream.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-03-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64982", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:33:01"}, {"id": "FEDORA_2013-2793.NASL", "type": "nessus", "title": "Fedora 17 : openssl-1.0.0k-1.fc17 (2013-2793)", "description": "Multiple security and bug fixes update from upstream.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-03-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65081", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:43:27"}, {"id": "FREEBSD_PKG_69BFC8529BD011E2A7BE8C705AF55518.NASL", "type": "nessus", "title": "FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (69bfc852-9bd0-11e2-a7be-8c705af55518)", "description": "A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack.\n\nOpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack.", "published": "2013-04-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65842", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:41:58"}, {"id": "MANDRIVA_MDVSA-2013-052.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)", "description": "Multiple vulnerabilities has been found and corrected in openssl :\n\nOpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key (CVE-2013-0166).\n\nThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue (CVE-2013-0169).\n\nThe updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues.", "published": "2013-04-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66066", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-10-29T13:44:24"}], "aix": [{"id": "OPENSSL_ADVISORY5.ASC", "type": "aix", "title": "Multiple OpenSSL vulnerabilities", "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Fri Mar 15 03:20:11 CDT 2013\n\nThe most recent version of this document is available here:\n| Updated: Wed Jun 5 10:22:29 CDT 2013\n| Update: Fix available for FIPS version\n| Update: Corrected CVSS base score and vector\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory5.asc\nor\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory5.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Multiple OpenSSL vulnerabilities \n\nPLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.X\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: See below\n\nCVE Numbers: CVE-2013-0169\n CVE-2013-0166\n\nReboot required? NO\nWorkarounds? NO\nProtected by FPM? NO\nProtected by SED? NO\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION (From cve.mitre.org)\n \n CVE-2013-0169\n The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as\n used in OpenSSL, OpenJDK, PolarSSL, and other products, do not\n properly consider timing side-channel attacks on a MAC check \n requirement during the processing of malformed CBC padding, which \n allows remote attackers to conduct distinguishing attacks and \n plaintext-recovery attacks via statistical analysis of timing data\n for crafted packets, aka the \"Lucky Thirteen\" issue. \n\n CVE-2013-0166\n OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d \n does not properly perform signature verification for OCSP responses,\n which allows remote attackers to cause a denial of service (NULL \n pointer dereference and application crash) via an invalid key. \n\n Please see the following for more information:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166\n\nII. CVSS\n\n CVE-2013-0169\n| CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81902 for the\n current score\n CVSS Environmental Score*: Undefined\n| CVSS String: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2013-0166\n CVSS Base Score: 5.0\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81904 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n\n On VIO Server:\n\n oem_setup_env\n lslpp -L openssl.base\n\n The following fileset levels are vulnerable:\n\n AIX 7.1, 6.1, 5.3: all versions less than or equal 0.9.8.2400\n AIX 7.1, 6.1, 5.3: FIPS capable versions less than or equal 12.9.8.2400\n VIOS 2.X: all versions less than or equal 0.9.8.2400\n\n IMPORTANT: If AIX OpenSSH is in use, it must be updated to version\n OpenSSH 6.0 or later, depending on the OpenSSL version according to\n following compatibility matrix:\n\n AIX OpenSSL OpenSSH\n ------------------------------------------------------------------\n 5.3,6.1,7.1 OpenSSL 0.9.8.25xx OpenSSH 6.0.0.61xx\n (Available)\n\n 5.3,6.1,7.1 OpenSSL-fips 12.9.8.25xx OpenSSH 6.0.0.61xx \n| (Available)\n\n VIOS OpenSSL OpenSSH\n ------------------------------------------------------------------\n 2.X OpenSSL 0.9.8.25xx OpenSSH 6.0.0.61xx\n (Available)\n\n AIX OpenSSH can be downloaded from:\n\n OpenSSH 6.0:\n http://sourceforge.net/projects/openssh-aix\n OpenSSH 6.0.0.61xx\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\nIV. FIXES\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n zcat openssl-0.9.8.2500.tar.Z | tar xvf -\n or\n zcat openssl-fips-12.9.8.2500.tar.Z | tar xvf -\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n\nV. WORKAROUNDS\n\n There are no workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n C. Download the key from a PGP Public Key Server. The key ID is:\n\n\t 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n\nVII. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/81902\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/81904\n CVE-2013-0169: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169\n CVE-2013-0166: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlGvV/sACgkQ4fmd+Ci/qhLVQQCfaZYvgKSY8UCYj6RJPbMaXlb3\nAxgAn0+qF+xmWSKNT6+43X/h/usZa3Bl\n=q2Sm\n-----END PGP SIGNATURE-----\n", "published": "2013-03-15T03:20:11", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory5.asc", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2016-10-24T17:48:11"}], "openvas": [{"id": "OPENVAS:865421", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2013-2834", "description": "Check for the Version of openssl", "published": "2013-03-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=865421", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2018-02-06T13:10:42"}, {"id": "OPENVAS:1361412562310892621", "type": "openvas", "title": "Debian Security Advisory DSA 2621-1 (openssl - several vulnerabilities)", "description": "Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-0166 \nOpenSSL does not properly perform signature verification for OCSP\nresponses, which allows remote attackers to cause a denial of\nservice via an invalid key.\n\nCVE-2013-0169A timing side channel attack has been found in CBC padding\nallowing an attacker to recover pieces of plaintext via statistical\nanalysis of crafted packages, known as the Lucky Thirteen \nissue.", "published": "2013-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892621", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2018-04-06T11:23:32"}, {"id": "OPENVAS:892621", "type": "openvas", "title": "Debian Security Advisory DSA 2621-1 (openssl - several vulnerabilities)", "description": "Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2013-0166 \nOpenSSL does not properly perform signature verification for OCSP\nresponses, which allows remote attackers to cause a denial of\nservice via an invalid key.\n\nCVE-2013-0169A timing side channel attack has been found in CBC padding\nallowing an attacker to recover pieces of plaintext via statistical\nanalysis of crafted packages, known as the Lucky Thirteen \nissue.", "published": "2013-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892621", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-07-24T12:52:02"}, {"id": "OPENVAS:1361412562310103872", "type": "openvas", "title": "VMware Security Updates for vCenter Server (VMSA-2013-0009)", "description": "VMware has updated the userworld OpenSSL library in vCenter Server\nto address multiple security vulnerabilities.", "published": "2014-01-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103872", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2018-04-06T11:13:12"}, {"id": "OPENVAS:103872", "type": "openvas", "title": "VMware Security Updates for vCenter Server (VMSA-2013-0009)", "description": "VMware has updated the userworld OpenSSL library in vCenter Server\nto address multiple security vulnerabilities.", "published": "2014-01-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=103872", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2017-07-31T10:49:12"}, {"id": "OPENVAS:1361412562310865421", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2013-2834", "description": "Check for the Version of openssl", "published": "2013-03-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865421", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2018-04-06T11:23:34"}, {"id": "OPENVAS:1361412562310120555", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2013-171", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120555", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-4929"], "lastseen": "2017-07-24T12:51:22"}, {"id": "OPENVAS:1361412562310841327", "type": "openvas", "title": "Ubuntu Update for openssl USN-1732-1", "description": "Check for the Version of openssl", "published": "2013-02-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841327", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-2686"], "lastseen": "2018-04-30T13:59:52"}, {"id": "OPENVAS:1361412562310841348", "type": "openvas", "title": "Ubuntu Update for openssl USN-1732-2", "description": "Check for the Version of openssl", "published": "2013-03-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841348", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-2686"], "lastseen": "2018-04-30T13:59:26"}, {"id": "OPENVAS:1361412562310881669", "type": "openvas", "title": "CentOS Update for openssl CESA-2013:0587 centos6 ", "description": "Check for the Version of openssl", "published": "2013-03-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881669", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-4929"], "lastseen": "2018-04-06T11:23:59"}], "freebsd": [{"id": "69BFC852-9BD0-11E2-A7BE-8C705AF55518", "type": "freebsd", "title": "FreeBSD -- OpenSSL multiple vulnerabilities", "description": "\n\nA flaw in the OpenSSL handling of OCSP response\n\t verification could be exploited to cause a denial of\n\t service attack.\nOpenSSL has a weakness in the handling of CBC\n\t ciphersuites in SSL, TLS and DTLS. The weakness could reveal\n\t plaintext in a timing attack.\n\n", "published": "2013-04-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/69bfc852-9bd0-11e2-a7be-8c705af55518.html", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2016-09-26T17:24:32"}, {"id": "00B0D8CD-7097-11E2-98D9-003067C2616F", "type": "freebsd", "title": "OpenSSL -- TLS 1.1, 1.2 denial of service", "description": "\nOpenSSL security team reports:\n\nA flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1\n\t and TLS 1.2 on AES-NI supporting platforms can be exploited in a\n\t DoS attack.\nA flaw in the OpenSSL handling of OCSP response verification can\n\t be exploited in a denial of service attack.\n\n", "published": "2013-02-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/00b0d8cd-7097-11e2-98d9-003067c2616f.html", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-2686"], "lastseen": "2016-09-26T17:24:33"}], "debian": [{"id": "DSA-2621", "type": "debian", "title": "openssl -- several vulnerabilities", "description": "Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues:\n\n * [CVE-2013-0166](<https://security-tracker.debian.org/tracker/CVE-2013-0166>)\n\nOpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key.\n\n * [CVE-2013-0169](<https://security-tracker.debian.org/tracker/CVE-2013-0169>)\n\nA timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the Lucky Thirteen issue.\n\nFor the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze14.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.0.1e-1.\n\nWe recommend that you upgrade your openssl packages.", "published": "2013-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2621", "cvelist": ["CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2016-09-02T18:23:37"}], "oraclelinux": [{"id": "ELSA-2013-0587", "type": "oraclelinux", "title": "openssl security update", "description": "[1.0.0-27.2]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)", "published": "2013-03-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0587.html", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-4929"], "lastseen": "2016-09-04T11:16:08"}, {"id": "ELSA-2015-3022", "type": "oraclelinux", "title": "openssl-fips security update", "description": "[1.0.1m-2.0.1]\n- update to upstream 1.0.1m\n- update to fips canister 2.0.9\n- regenerated below patches\n openssl-1.0.1-beta2-rpmbuild.patch\n openssl-1.0.1m-rhcompat.patch\n openssl-1.0.1m-ecc-suiteb.patch\n openssl-1.0.1m-fips-mode.patch\n openssl-1.0.1m-version.patch\n openssl-1.0.1m-evp-devel.patch\n[1.0.1j-2.0.4]\n- [Orabug 20182267] The openssl-fips-devel package should Provide:\n openssl-devel and openssl-devel(x86-64) like the standard -devel\n package\n- The openssl-fips-devel package should include fips.h and fips_rand.h\n for apps that want to build against FIPS* APIs\n[1.0.1j-2.0.3]\n- [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch,\n update ec_curve.c which gets copied into build tree to match the patch\n (ie only have curves which are advertised). The change items from the\n orignal patch are as follows:\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1j-2.0.2]\n- update README.FIPS with step-by-step install instructions\n[1.0.1j-2.0.1]\n- update to upstream 1.0.1j\n- change name to openssl-fips\n- change Obsoletes: openssl to Conflicts: openssl\n- add Provides: openssl\n[1.0.1i-2.0.3.fips]\n- update to fips canister 2.0.8 to remove Dual EC DRBG\n- run gcc -v so the gcc build version is captured in the build log\n[1.0.1i-2.0.2.fips]\n- flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg\n[1.0.1i-2.0.1.fips]\n- build against upstream 1.0.1i\n- build against fips validated canister 2.0.7\n- add patch to support fips=1\n- rename pkg to openssl-fips and Obsolete openssl\n[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-16.7]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-16.4]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-16.3]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-16.2]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-16.1]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document\n[1.0.0-8]\n- add -x931 parameter to openssl genrsa command to use the ANSI X9.31\n key generation method\n- use FIPS-186-3 method for DSA parameter generation\n- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable\n to allow using MD5 when the system is in the maintenance state\n even if the /proc fips flag is on\n- make openssl pkcs12 command work by default in the FIPS mode\n[1.0.0-7]\n- listen on ipv6 wildcard in s_server so we accept connections\n from both ipv4 and ipv6 (#601612)\n- fix openssl speed command so it can be used in the FIPS mode\n with FIPS allowed ciphers (#619762)\n[1.0.0-6]\n- disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864\n (#649304)\n[1.0.0-5]\n- fix race in extension parsing code - CVE-2010-3864 (#649304)\n[1.0.0-4]\n- openssl man page fix (#609484)\n[1.0.0-3]\n- fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738)\n- fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732)\n[1.0.0-2]\n- make CA dir readable - the private keys are in private subdir (#584810)\n- a few fixes from upstream CVS\n- make X509_NAME_hash_old work in FIPS mode (#568395)\n[1.0.0-1]\n- update to final 1.0.0 upstream release\n[1.0.0-0.22.beta5]\n- make TLS work in the FIPS mode\n[1.0.0-0.21.beta5]\n- gracefully handle zero length in assembler implementations of\n OPENSSL_cleanse (#564029)\n- do not fail in s_server if client hostname not resolvable (#561260)\n[1.0.0-0.20.beta5]\n- new upstream release\n[1.0.0-0.19.beta4]\n- fix CVE-2009-4355 - leak in applications incorrectly calling\n CRYPTO_free_all_ex_data() before application exit (#546707)\n- upstream fix for future TLS protocol version handling\n[1.0.0-0.18.beta4]\n- add support for Intel AES-NI\n[1.0.0-0.17.beta4]\n- upstream fix compression handling on session resumption\n- various null checks and other small fixes from upstream\n- upstream changes for the renegotiation info according to the latest draft\n[1.0.0-0.16.beta4]\n- fix non-fips mingw build (patch by Kalev Lember)\n- add IPV6 fix for DTLS\n[1.0.0-0.15.beta4]\n- add better error reporting for the unsafe renegotiation\n[1.0.0-0.14.beta4]\n- fix build on s390x\n[1.0.0-0.13.beta4]\n- disable enforcement of the renegotiation extension on the client (#537962)\n- add fixes from the current upstream snapshot\n[1.0.0-0.12.beta4]\n- keep the beta status in version number at 3 so we do not have to rebuild\n openssh and possibly other dependencies with too strict version check\n[1.0.0-0.11.beta4]\n- update to new upstream version, no soname bump needed\n- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used\n so the compatibility with unfixed clients is not broken. The\n protocol extension is also not final.\n[1.0.0-0.10.beta3]\n- fix use of freed memory if SSL_CTX_free() is called before\n SSL_free() (#521342)\n[1.0.0-0.9.beta3]\n- fix typo in DTLS1 code (#527015)\n- fix leak in error handling of d2i_SSL_SESSION()\n[1.0.0-0.8.beta3]\n- fix RSA and DSA FIPS selftests\n- reenable fixed x86_64 camellia assembler code (#521127)\n[1.0.0-0.7.beta3]\n- temporarily disable x86_64 camellia assembler code (#521127)\n[1.0.0-0.6.beta3]\n- fix openssl dgst -dss1 (#520152)\n[1.0.0-0.5.beta3]\n- drop the compat symlink hacks\n[1.0.0-0.4.beta3]\n- constify SSL_CIPHER_description()\n[1.0.0-0.3.beta3]\n- fix WWW:Curl:Easy reference in tsget\n[1.0.0-0.2.beta3]\n- enable MD-2\n[1.0.0-0.1.beta3]\n- update to new major upstream release\n[0.9.8k-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Wed Jul 22 2009 Bill Nottingham \n- do not build special 'optimized' versions for i686, as that's the base\n arch in Fedora now\n[0.9.8k-6]\n- abort if selftests failed and random number generator is polled\n- mention EVP_aes and EVP_sha2xx routines in the manpages\n- add README.FIPS\n- make CA dir absolute path (#445344)\n- change default length for RSA key generation to 2048 (#484101)\n[0.9.8k-5]\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n (DTLS DoS problems) (#501253, #501254, #501572)\n[0.9.8k-4]\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n[0.9.8k-3]\n- correct the SHLIB_VERSION define\n[0.9.8k-2]\n- add support for multiple CRLs with same subject\n- load only dynamic engine support in FIPS mode\n[0.9.8k-1]\n- update to new upstream release (minor bug fixes, security\n fixes and machine code optimizations only)\n[0.9.8j-10]\n- move libraries to /usr/lib (#239375)\n[0.9.8j-9]\n- add a static subpackage\n[0.9.8j-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[0.9.8j-7]\n- must also verify checksum of libssl.so in the FIPS mode\n- obtain the seed for FIPS rng directly from the kernel device\n- drop the temporary symlinks\n[0.9.8j-6]\n- drop the temporary triggerpostun and symlinking in post\n- fix the pkgconfig files and drop the unnecessary buildrequires\n on pkgconfig as it is a rpmbuild dependency (#481419)\n[0.9.8j-5]\n- add temporary triggerpostun to reinstate the symlinks\n[0.9.8j-4]\n- no pairwise key tests in non-fips mode (#479817)\n[0.9.8j-3]\n- even more robust test for the temporary symlinks\n[0.9.8j-2]\n- try to ensure the temporary symlinks exist\n[0.9.8j-1]\n- new upstream version with necessary soname bump (#455753)\n- temporarily provide symlink to old soname to make it possible to rebuild\n the dependent packages in rawhide\n- a d d e a p - f a s t s u p p o r t ( # 4 2 8 1 8 1 ) b r > - a d d p o s s i b i l i t y t o d i s a b l e z l i b b y s e t t i n g b r > - a d d f i p s m o d e s u p p o r t f o r t e s t i n g p u r p o s e s b r > - d o n o t n u l l d e r e f e r e n c e o n s o m e i n v a l i d s m i m e f i l e s b r > - a d d b u i l d r e q u i r e s p k g c o n f i g ( # 4 7 9 4 9 3 ) b r > b r > [ 0 . 9 . 8 g - 1 1 ] b r > - d o n o t a d d t l s e x t e n s i o n s t o s e r v e r h e l l o f o r S S L v 3 e i t h e r b r > b r > [ 0 . 9 . 8 g - 1 0 ] b r > - m o v e r o o t C A b u n d l e t o c a - c e r t i f i c a t e s p a c k a g e b r > b r > [ 0 . 9 . 8 g - 9 ] b r > - f i x C V E - 2 0 0 8 - 0 8 9 1 - s e r v e r n a m e e x t e n s i o n c r a s h ( # 4 4 8 4 9 2 ) b r > - f i x C V E - 2 0 0 8 - 1 6 7 2 - s e r v e r k e y e x c h a n g e m e s s a g e o m i t c r a s h ( # 4 4 8 4 9 5 ) b r > b r > [ 0 . 9 . 8 g - 8 ] b r > - s u p e r - H a r c h s u p p o r t b r > - d r o p w o r k a r o u n d f o r b u g 1 9 9 6 0 4 a s i t s h o u l d b e f i x e d i n g c c - 4 . 3 b r > b r > [ 0 . 9 . 8 g - 7 ] b r > - s p a r c h a n d l i n g b r > b r > [ 0 . 9 . 8 g - 6 ] b r > - u p d a t e t o n e w r o o t C A b u n d l e f r o m m o z i l l a . o r g ( r 1 . 4 5 ) b r > b r > [ 0 . 9 . 8 g - 5 ] b r > - A u t o r e b u i l d f o r G C C 4 . 3 b r > b r > [ 0 . 9 . 8 g - 4 ] b r > - m e r g e r e v i e w f i x e s ( # 2 2 6 2 2 0 ) b r > - a d j u s t t h e S H L I B _ V E R S I O N _ N U M B E R t o r e f l e c t l i b r a r y n a m e ( # 4 2 9 8 4 6 ) b r > b r > [ 0 . 9 . 8 g - 3 ] b r > - s e t d e f a u l t p a t h s w h e n n o e x p l i c i t p a t h s a r e s e t ( # 4 1 8 7 7 1 ) b r > - d o n o t a d d t l s e x t e n s i o n s t o c l i e n t h e l l o f o r S S L v 3 ( # 4 2 2 0 8 1 ) b r > b r > [ 0 . 9 . 8 g - 2 ] b r > - e n a b l e s o m e n e w c r y p t o a l g o r i t h m s a n d f e a t u r e s b r > - a d d s o m e m o r e i m p o r t a n t b u g f i x e s f r o m o p e n s s l C V S b r > b r > [ 0 . 9 . 8 g - 1 ] b r > - u p d a t e t o l a t e s t u p s t r e a m r e l e a s e , S O N A M E b u m p e d t o 7 b r > b r > [ 0 . 9 . 8 b - 1 7 ] b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g b r > b r > [ 0 . 9 . 8 b - 1 6 ] b r > - f i x C V E - 2 0 0 7 - 5 1 3 5 - o f f - b y - o n e i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 3 0 9 8 0 1 ) b r > - f i x C V E - 2 0 0 7 - 4 9 9 5 - o u t o f o r d e r D T L S f r a g m e n t s b u f f e r o v e r f l o w ( # 3 2 1 1 9 1 ) b r > - a d d a l p h a s u b - a r c h s ( # 2 9 6 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 5 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 1 4 ] b r > - u s e l o c a l h o s t i n t e s t s u i t e , h o p e f u l l y f i x e s s l o w b u i l d i n k o j i b r > - C V E - 2 0 0 7 - 3 1 0 8 - f i x s i d e c h a n n e l a t t a c k o n p r i v a t e k e y s ( # 2 5 0 5 7 7 ) b r > - m a k e s s l s e s s i o n c a c h e i d m a t c h i n g s t r i c t ( # 2 3 3 5 9 9 ) b r > b r > [ 0 . 9 . 8 b - 1 3 ] b r > - a l l o w b u i l d i n g o n A R M a r c h i t e c t u r e s ( # 2 4 5 4 1 7 ) b r > - u s e r e f e r e n c e t i m e s t a m p s t o p r e v e n t m u l t i l i b c o n f l i c t s ( # 2 1 8 0 6 4 ) b r > - - d e v e l p a c k a g e m u s t r e q u i r e p k g c o n f i g ( # 2 4 1 0 3 1 ) b r > b r > [ 0 . 9 . 8 b - 1 2 ] b r > - d e t e c t d u p l i c a t e s i n a d d _ d i r p r o p e r l y ( # 2 0 6 3 4 6 ) b r > b r > [ 0 . 9 . 8 b - 1 1 ] b r > - t h e p r e v i o u s c h a n g e s t i l l d i d n ' t m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e b r > b r > [ 0 . 9 . 8 b - 1 0 ] b r > - m a k e X 5 0 9 _ N A M E _ c m p t r a n s i t i v e o t h e r w i s e c e r t i f i c a t e l o o k u p b r > i s b r o k e n ( # 2 1 6 0 5 0 ) b r > b r > [ 0 . 9 . 8 b - 9 ] b r > - a l i a s i n g b u g i n e n g i n e l o a d i n g , p a t c h b y I B M ( # 2 1 3 2 1 6 ) b r > b r > [ 0 . 9 . 8 b - 8 ] b r > - C V E - 2 0 0 6 - 2 9 4 0 f i x w a s i n c o r r e c t ( # 2 0 8 7 4 4 ) b r > b r > [ 0 . 9 . 8 b - 7 ] b r > - f i x C V E - 2 0 0 6 - 2 9 3 7 - m i s h a n d l e d e r r o r o n A S N . 1 p a r s i n g ( # 2 0 7 2 7 6 ) b r > - f i x C V E - 2 0 0 6 - 2 9 4 0 - p a r a s i t i c p u b l i c k e y s D o S ( # 2 0 7 2 7 4 ) b r > - f i x C V E - 2 0 0 6 - 3 7 3 8 - b u f f e r o v e r f l o w i n S S L _ g e t _ s h a r e d _ c i p h e r s ( # 2 0 6 9 4 0 ) b r > - f i x C V E - 2 0 0 6 - 4 3 4 3 - s s l v 2 c l i e n t D o S ( # 2 0 6 9 4 0 ) b r > b r > [ 0 . 9 . 8 b - 6 ] b r > - f i x C V E - 2 0 0 6 - 4 3 3 9 - p r e v e n t a t t a c k o n P K C S # 1 v 1 . 5 s i g n a t u r e s ( # 2 0 5 1 8 0 ) b r > b r > [ 0 . 9 . 8 b - 5 ] b r > - s e t b u f f e r i n g t o n o n e o n s t d i o / s t d o u t F I L E w h e n b u f s i z e i s s e t ( # 2 0 0 5 8 0 ) b r > p a t c h b y I B M b r > b r > [ 0 . 9 . 8 b - 4 . 1 ] b r > - r e b u i l d w i t h n e w b i n u t i l s ( # 2 0 0 3 3 0 ) b r > b r > [ 0 . 9 . 8 b - 4 ] b r > - a d d a t e m p o r a r y w o r k a r o u n d f o r s h a 5 1 2 t e s t f a i l u r e o n s 3 9 0 ( # 1 9 9 6 0 4 ) b r > b r > * T h u J u l 2 0 2 0 0 6 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - a d d i p v 6 s u p p o r t t o s _ c l i e n t a n d s _ s e r v e r ( b y J a n P a z d z i o r a ) ( # 1 9 8 7 3 7 ) b r > - a d d p a t c h e s f o r B N t h r e a d s a f e t y , A E S c a c h e c o l l i s i o n a t t a c k h a z a r d f i x a n d b r > p k c s 7 c o d e m e m l e a k f i x f r o m u p s t r e a m C V S b r > b r > [ 0 . 9 . 8 b - 3 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 8 b - 3 ] b r > - d r o p p e d l i b i c a a n d i c a e n g i n e f r o m b u i l d b r > b r > * W e d J u n 2 1 2 0 0 6 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - u p d a t e t o n e w C A b u n d l e f r o m m o z i l l a . o r g ; a d d s C A c e r t i f i c a t e s b r > f r o m n e t l o c k . h u a n d s t a r t c o m . o r g b r > b r > [ 0 . 9 . 8 b - 2 ] b r > - f i x e d a f e w r p m l i n t w a r n i n g s b r > - b e t t e r f i x f o r # 1 7 3 3 9 9 f r o m u p s t r e a m b r > - u p s t r e a m f i x f o r p k c s 1 2 b r > b r > [ 0 . 9 . 8 b - 1 ] b r > - u p g r a d e t o n e w v e r s i o n , s t a y s A B I c o m p a t i b l e b r > - t h e r e i s n o m o r e l i n u x / c o n f i g . h ( i t w a s e m p t y a n y w a y ) b r > b r > [ 0 . 9 . 8 a - 6 ] b r > - f i x s t a l e o p e n h a n d l e s i n l i b i c a ( # 1 7 7 1 5 5 ) b r > - f i x b u i l d i f ' r a n d ' o r ' p a s s w d ' i n b u i l d r o o t p a t h ( # 1 7 8 7 8 2 ) b r > - i n i t i a l i z e V I A P a d l o c k e n g i n e ( # 1 8 6 8 5 7 ) b r > b r > [ 0 . 9 . 8 a - 5 . 2 ] b r > - b u m p a g a i n f o r d o u b l e - l o n g b u g o n p p c ( 6 4 ) b r > b r > [ 0 . 9 . 8 a - 5 . 1 ] b r > - r e b u i l t f o r n e w g c c 4 . 1 s n a p s h o t a n d g l i b c c h a n g e s b r > b r > [ 0 . 9 . 8 a - 5 ] b r > - d o n ' t i n c l u d e S S L _ O P _ N E T S C A P E _ R E U S E _ C I P H E R _ C H A N G E _ B U G b r > i n S S L _ O P _ A L L ( # 1 7 5 7 7 9 ) b r > b r > * F r i D e c 0 9 2 0 0 5 J e s s e K e a t i n g j k e a t i n g @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 8 a - 4 ] b r > - f i x b u i l d ( - l c r y p t o w a s e r r o n e u s l y d r o p p e d ) o f t h e u p d a t e d l i b i c a b r > - u p d a t e d I C A e n g i n e t o 1 . 3 . 6 - r c 3 b r > b r > [ 0 . 9 . 8 a - 3 ] b r > - d i s a b l e b u i l t i n c o m p r e s s i o n m e t h o d s f o r n o w u n t i l t h e y w o r k b r > p r o p e r l y ( # 1 7 3 3 9 9 ) b r > b r > [ 0 . 9 . 8 a - 2 ] b r > - d o n ' t s e t - r p a t h f o r o p e n s s l b i n a r y b r > b r > [ 0 . 9 . 8 a - 1 ] b r > - n e w u p s t r e a m v e r s i o n b r > - p a t c h e s p a r t i a l l y r e n u m b e r e d b r > b r > [ 0 . 9 . 7 f - 1 1 ] b r > - u p d a t e d I B M I C A e n g i n e l i b r a r y a n d p a t c h t o l a t e s t u p s t r e a m v e r s i o n b r > b r > [ 0 . 9 . 7 f - 1 0 ] b r > - f i x C A N - 2 0 0 5 - 2 9 6 9 - r e m o v e S S L _ O P _ M S I E _ S S L V 2 _ R S A _ P A D D I N G w h i c h b r > d i s a b l e s t h e c o u n t e r m e a s u r e a g a i n s t m a n i n t h e m i d d l e a t t a c k i n S S L v 2 b r > ( # 1 6 9 8 6 3 ) b r > - u s e s h a 1 a s d e f a u l t f o r C A a n d c e r t r e q u e s t s - C A N - 2 0 0 5 - 2 9 4 6 ( # 1 6 9 8 0 3 ) b r > b r > [ 0 . 9 . 7 f - 9 ] b r > - a d d * . s o . s o v e r s i o n a s s y m l i n k s i n / l i b ( # 1 6 5 2 6 4 ) b r > - r e m o v e u n p a c k a g e d s y m l i n k s ( # 1 5 9 5 9 5 ) b r > - f i x e s f r o m u p s t r e a m ( c o n s t a n t t i m e f i x e s f o r D S A , b r > b n a s s e m b l e r d i v o n p p c a r c h , i n i t i a l i z e m e m o r y o n r e a l l o c ) b r > b r > [ 0 . 9 . 7 f - 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 f - 7 ] b r > - f i x C A N - 2 0 0 5 - 0 1 0 9 - u s e c o n s t a n t t i m e / m e m o r y a c c e s s m o d _ e x p b r > s o b i t s o f p r i v a t e k e y a r e n ' t l e a k e d b y c a c h e e v i c t i o n ( # 1 5 7 6 3 1 ) b r > - a f e w m o r e f i x e s f r o m u p s t r e a m 0 . 9 . 7 g b r > b r > [ 0 . 9 . 7 f - 6 ] b r > - u s e p o l l i n s t e a d o f s e l e c t i n r a n d ( # 1 2 8 2 8 5 ) b r > - f i x M a k e f i l e . c e r t i f i c a t e t o p o i n t t o / e t c / p k i / t l s b r > - c h a n g e t h e d e f a u l t s t r i n g m a s k i n A S N 1 t o P r i n t a b l e S t r i n g + U T F 8 S t r i n g b r > b r > [ 0 . 9 . 7 f - 5 ] b r > - u p d a t e t o r e v i s i o n 1 . 3 7 o f M o z i l l a C A b u n d l e b r > b r > [ 0 . 9 . 7 f - 4 ] b r > - m o v e c e r t i f i c a t e s t o _ s y s c o n f d i r / p k i / t l s ( # 1 4 3 3 9 2 ) b r > - m o v e C A d i r e c t o r i e s t o _ s y s c o n f d i r / p k i / C A b r > - p a t c h t h e C A s c r i p t a n d t h e d e f a u l t c o n f i g s o i t p o i n t s t o t h e b r > C A d i r e c t o r i e s b r > b r > [ 0 . 9 . 7 f - 3 ] b r > - u n i n i t i a l i z e d v a r i a b l e m u s t n ' t b e u s e d a s i n p u t i n i n l i n e b r > a s s e m b l y b r > - r e e n a b l e t h e x 8 6 _ 6 4 a s s e m b l y a g a i n b r > b r > [ 0 . 9 . 7 f - 2 ] b r > - a d d b a c k R C 4 _ C H A R o n i a 6 4 a n d x 8 6 _ 6 4 s o t h e A B I i s n ' t b r o k e n b r > - d i s a b l e b r o k e n b i g n u m a s s e m b l y o n x 8 6 _ 6 4 b r > b r > [ 0 . 9 . 7 f - 1 ] b r > - r e e n a b l e o p t i m i z a t i o n s o n p p c 6 4 a n d a s s e m b l y c o d e o n i a 6 4 b r > - u p g r a d e t o n e w u p s t r e a m v e r s i o n ( n o s o n a m e b u m p n e e d e d ) b r > - d i s a b l e t h r e a d t e s t - i t w a s t e s t i n g t h e b a c k p o r t o f t h e b r > R S A b l i n d i n g - n o l o n g e r n e e d e d b r > - a d d e d s u p p o r t f o r c h a n g i n g s e r i a l n u m b e r t o b r > M a k e f i l e . c e r t i f i c a t e ( # 1 5 1 1 8 8 ) b r > - m a k e c a - b u n d l e . c r t a c o n f i g f i l e ( # 1 1 8 9 0 3 ) b r > b r > [ 0 . 9 . 7 e - 3 ] b r > - l i b c r y p t o s h o u l d n ' t d e p e n d o n l i b k r b 5 ( # 1 3 5 9 6 1 ) b r > b r > [ 0 . 9 . 7 e - 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 e - 1 ] b r > - n e w u p s t r e a m s o u r c e , u p d a t e d p a t c h e s b r > - a d d e d p a t c h s o w e a r e h o p e f u l l y A B I c o m p a t i b l e w i t h u p c o m i n g b r > 0 . 9 . 7 f b r > b r > * T h u F e b 1 0 2 0 0 5 T o m a s M r a z t m r a z @ r e d h a t . c o m > b r > - S u p p o r t U T F - 8 c h a r s e t i n t h e M a k e f i l e . c e r t i f i c a t e ( # 1 3 4 9 4 4 ) b r > - A d d e d c m p t o B u i l d P r e r e q b r > b r > [ 0 . 9 . 7 a - 4 6 ] b r > - g e n e r a t e n e w c a - b u n d l e . c r t f r o m M o z i l l a c e r t d a t a . t x t ( r e v i s i o n 1 . 3 2 ) b r > b r > [ 0 . 9 . 7 a - 4 5 ] b r > - F i x e d a n d u p d a t e d l i b i c a - 1 . 3 . 4 - u r a n d o m . p a t c h p a t c h ( # 1 2 2 9 6 7 ) b r > b r > [ 0 . 9 . 7 a - 4 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 3 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 2 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 4 1 ] b r > - r e m o v e d e r _ c h o p , a s u p s t r e a m c v s h a s d o n e ( C A N - 2 0 0 4 - 0 9 7 5 , # 1 4 0 0 4 0 ) b r > b r > [ 0 . 9 . 7 a - 4 0 ] b r > - I n c l u d e l a t e s t l i b i c a v e r s i o n w i t h i m p o r t a n t b u g f i x e s b r > b r > * T u e J u n 1 5 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 8 ] b r > - U p d a t e d I C A e n g i n e I B M p a t c h t o l a t e s t u p s t r e a m v e r s i o n . b r > b r > [ 0 . 9 . 7 a - 3 7 ] b r > - b u i l d f o r l i n u x - a l p h a - g c c i n s t e a d o f a l p h a - g c c o n a l p h a ( J e f f G a r z i k ) b r > b r > [ 0 . 9 . 7 a - 3 6 ] b r > - h a n d l e % { _ a r c h } = i 4 8 6 / i 5 8 6 / i 6 8 6 / a t h l o n c a s e s i n t h e i n t e r m e d i a t e b r > h e a d e r ( # 1 2 4 3 0 3 ) b r > b r > [ 0 . 9 . 7 a - 3 5 ] b r > - a d d s e c u r i t y f i x e s f o r C A N - 2 0 0 4 - 0 0 7 9 , C A N - 2 0 0 4 - 0 1 1 2 b r > b r > * T u e M a r 1 6 2 0 0 4 P h i l K n i r s c h p k n i r s c h @ r e d h a t . c o m > b r > - F i x e d l i b i c a f i l e s p e c . b r > b r > [ 0 . 9 . 7 a - 3 4 ] b r > - p p c / p p c 6 4 d e f i n e _ _ p o w e r p c _ _ / _ _ p o w e r p c 6 4 _ _ , n o t _ _ p p c _ _ / _ _ p p c 6 4 _ _ , f i x b r > t h e i n t e r m e d i a t e h e a d e r b r > b r > [ 0 . 9 . 7 a - 3 3 ] b r > - a d d a n i n t e r m e d i a t e o p e n s s l / o p e n s s l c o n f . h > w h i c h p o i n t s t o t h e r i g h t b r > a r c h - s p e c i f i c o p e n s s l c o n f . h o n m u l t i l i b a r c h e s b r > b r > * T u e M a r 0 2 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 3 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 5 . b r > b r > [ 0 . 9 . 7 a - 3 1 ] b r > - U p d a t e I C A c r y p t o e n g i n e p a t c h f r o m I B M t o l a t e s t v e r s i o n . b r > b r > * F r i F e b 1 3 2 0 0 4 E l l i o t L e e s o p w i t h @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 9 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 2 8 ] b r > - F i x e d l i b i c a b u i l d . b r > b r > * W e d F e b 0 4 2 0 0 4 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d ' - l d l ' t o l i n k f l a g s a d d e d f o r L i n u x - o n - A R M ( # 9 9 3 1 3 ) b r > b r > [ 0 . 9 . 7 a - 2 7 ] b r > - u p d a t e d c a - b u n d l e . c r t : r e m o v e d e x p i r e d G e o T r u s t r o o t s , a d d e d b r > f r e e s s l . c o m r o o t , r e m o v e d t r u s t c e n t e r . d e C l a s s 0 r o o t b r > b r > [ 0 . 9 . 7 a - 2 6 ] b r > - F i x l i n k l i n e f o r l i b s s l ( b u g # 1 1 1 1 5 4 ) . b r > b r > [ 0 . 9 . 7 a - 2 5 ] b r > - a d d d e p e n d e n c y o n z l i b - d e v e l f o r t h e - d e v e l p a c k a g e , w h i c h d e p e n d s o n z l i b b r > s y m b o l s b e c a u s e w e e n a b l e z l i b f o r l i b s s l ( # 1 0 2 9 6 2 ) b r > b r > [ 0 . 9 . 7 a - 2 4 ] b r > - U s e / d e v / u r a n d o m i n s t e a d o f P R N G f o r l i b i c a . b r > - A p p l y l i b i c a - 1 . 3 . 5 f i x f o r / d e v / u r a n d o m i n i c a l i n u x . c b r > - U s e l a t e s t I C A e n g i n e p a t c h f r o m I B M . b r > b r > [ 0 . 9 . 7 a - 2 2 . 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - r e b u i l d ( 2 2 w a s n ' t a c t u a l l y b u i l t , f u n e h ? ) b r > b r > [ 0 . 9 . 7 a - 2 3 ] b r > - r e - d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T u e S e p 3 0 2 0 0 3 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - a d d a _ m b s t r . c f i x f o r 6 4 - b i t p l a t f o r m s f r o m C V S b r > b r > [ 0 . 9 . 7 a - 2 2 ] b r > - a d d - W a , - - n o e x e c s t a c k t o R P M _ O P T _ F L A G S s o t h a t a s s e m b l e d m o d u l e s g e t t a g g e d b r > a s n o t n e e d i n g e x e c u t a b l e s t a c k s b r > b r > [ 0 . 9 . 7 a - 2 1 ] b r > - r e b u i l d b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - e n a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * T h u S e p 2 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e e x c l u s i v e a r c h b r > b r > [ 0 . 9 . 7 a - 2 0 ] b r > - o n l y p a r s e a c l i e n t c e r t i f o n e w a s r e q u e s t e d b r > - t e m p o r a r i l y e x c l u s i v e a r c h f o r % { i x 8 6 } b r > b r > * T u e S e p 2 3 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d s e c u r i t y f i x e s f o r p r o t o c o l p a r s i n g b u g s ( C A N - 2 0 0 3 - 0 5 4 3 , C A N - 2 0 0 3 - 0 5 4 4 ) b r > a n d h e a p c o r r u p t i o n ( C A N - 2 0 0 3 - 0 5 4 5 ) b r > - u p d a t e R H N S - C A - C E R T f i l e s b r > - e a s e b a c k o n t h e n u m b e r o f t h r e a d s u s e d i n t h e t h r e a d i n g t e s t b r > b r > [ 0 . 9 . 7 a - 1 9 ] b r > - r e b u i l d t o f i x g z i p p e d f i l e m d 5 s u m s ( # 9 1 2 1 1 ) b r > b r > [ 0 . 9 . 7 a - 1 8 ] b r > - U p d a t e d l i b i c a t o v e r s i o n 1 . 3 . 4 . b r > b r > [ 0 . 9 . 7 a - 1 7 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 . 9 ] b r > - f r e e t h e k s s l _ c t x s t r u c t u r e w h e n w e f r e e a n S S L s t r u c t u r e ( # 9 9 0 6 6 ) b r > b r > [ 0 . 9 . 7 a - 1 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 5 ] b r > - l o w e r t h r e a d t e s t c o u n t o n s 3 9 0 x b r > b r > [ 0 . 9 . 7 a - 1 4 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 3 ] b r > - d i s a b l e a s s e m b l y o n a r c h e s w h e r e i t s e e m s t o c o n f l i c t w i t h t h r e a d i n g b r > b r > [ 0 . 9 . 7 a - 1 2 ] b r > - U p d a t e d l i b i c a t o l a t e s t u p s t r e a m v e r s i o n 1 . 3 . 0 b r > b r > [ 0 . 9 . 7 a - 9 . 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 1 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 7 a - 1 0 ] b r > - u b s e c : d o n ' t s t o m p o n o u t p u t d a t a w h i c h m i g h t a l s o b e i n p u t d a t a b r > b r > [ 0 . 9 . 7 a - 9 ] b r > - t e m p o r a r i l y d i s a b l e o p t i m i z a t i o n s o n p p c 6 4 b r > b r > * M o n J u n 0 9 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b a c k p o r t f i x f o r e n g i n e - u s e d - f o r - e v e r y t h i n g f r o m 0 . 9 . 7 b b r > - b a c k p o r t f i x f o r p r n g n o t b e i n g s e e d e d c a u s i n g p r o b l e m s , a l s o f r o m 0 . 9 . 7 b b r > - a d d a c h e c k a t b u i l d - t i m e t o e n s u r e t h a t R S A i s t h r e a d - s a f e b r > - k e e p p e r l p a t h f r o m s t o m p i n g o n t h e l i b i c a c o n f i g u r e s c r i p t s b r > b r > * F r i J u n 0 6 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t h r e a d - s a f e t y f i x f o r R S A b l i n d i n g b r > b r > [ 0 . 9 . 7 a - 8 ] b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 a - 7 ] b r > - A d d e d l i b i c a - 1 . 2 t o o p e n s s l ( f e a t u r e r e q u e s t ) . b r > b r > [ 0 . 9 . 7 a - 6 ] b r > - f i x b u i l d i n g w i t h i n c o r r e c t f l a g s o n p p c 6 4 b r > b r > [ 0 . 9 . 7 a - 5 ] b r > - a d d p a t c h t o h a r d e n a g a i n s t K l i m a - P o k o r n y - R o s a e x t e n s i o n o f B l e i c h e n b a c h e r ' s b r > a t t a c k ( C A N - 2 0 0 3 - 0 1 3 1 ) b r > b r > [ 0 . 9 . 7 a - 4 ] b r > - a d d p a t c h t o e n a b l e R S A b l i n d i n g b y d e f a u l t , c l o s i n g a t i m i n g a t t a c k b r > ( C A N - 2 0 0 3 - 0 1 4 7 ) b r > b r > [ 0 . 9 . 7 a - 3 ] b r > - d i s a b l e u s e o f B N a s s e m b l y m o d u l e o n x 8 6 _ 6 4 , b u t c o n t i n u e t o a l l o w i n l i n e b r > a s s e m b l y ( # 8 3 4 0 3 ) b r > b r > [ 0 . 9 . 7 a - 2 ] b r > - d i s a b l e E C a l g o r i t h m s b r > b r > [ 0 . 9 . 7 a - 1 ] b r > - u p d a t e t o 0 . 9 . 7 a b r > b r > [ 0 . 9 . 7 - 8 ] b r > - a d d f i x t o g u a r d a g a i n s t a t t e m p t s t o a l l o c a t e n e g a t i v e a m o u n t s o f m e m o r y b r > - a d d p a t c h f o r C A N - 2 0 0 3 - 0 0 7 8 , f i x i n g a t i m i n g a t t a c k b r > b r > [ 0 . 9 . 7 - 7 ] b r > - A d d o p e n s s l - p p c 6 4 . p a t c h b r > b r > [ 0 . 9 . 7 - 6 ] b r > - E V P _ D e c r y p t I n i t s h o u l d c a l l E V P _ C i p h e r I n i t ( ) i n s t e a d o f E V P _ C i p h e r I n i t _ e x ( ) , b r > t o g e t t h e r i g h t b e h a v i o r w h e n p a s s e d u n i n i t i a l i z e d c o n t e x t s t r u c t u r e s b r > ( # 8 3 7 6 6 ) b r > - b u i l d w i t h - m c p u = e v 5 o n a l p h a f a m i l y ( # 8 3 8 2 8 ) b r > b r > * W e d J a n 2 2 2 0 0 3 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - r e b u i l t b r > b r > [ 0 . 9 . 7 - 4 ] b r > - A d d e d I B M h w c r y p t o s u p p o r t p a t c h . b r > b r > * W e d J a n 1 5 2 0 0 3 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d m i s s i n g b u i l d d e p o n s e d b r > b r > [ 0 . 9 . 7 - 3 ] b r > - d e b l o a t b r > - f i x b r o k e n m a n p a g e s y m l i n k s b r > b r > [ 0 . 9 . 7 - 2 ] b r > - f i x d o u b l e - f r e e i n ' o p e n s s l c a ' b r > b r > [ 0 . 9 . 7 - 1 ] b r > - u p d a t e t o 0 . 9 . 7 f i n a l b r > b r > [ 0 . 9 . 7 - 0 ] b r > - u p d a t e t o 0 . 9 . 7 b e t a 6 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > * W e d D e c 1 1 2 0 0 2 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 7 b e t a 5 ( D O N O T U S E U N T I L U P D A T E D T O F I N A L 0 . 9 . 7 ) b r > b r > [ 0 . 9 . 6 b - 3 0 ] b r > - a d d c o n f i g u r a t i o n s t a n z a f o r x 8 6 _ 6 4 a n d u s e i t o n x 8 6 _ 6 4 b r > - b u i l d f o r l i n u x - p p c o n p p c b r > - s t a r t r u n n i n g t h e s e l f - t e s t s a g a i n b r > b r > [ 0 . 9 . 6 b - 2 9 h a m m e r . 3 ] b r > - M e r g e f i x e s f r o m p r e v i o u s h a m m e r p a c k a g e s , i n c l u d i n g g e n e r a l x 8 6 - 6 4 a n d b r > m u l t i l i b b r > b r > [ 0 . 9 . 6 b - 2 9 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 8 ] b r > - u p d a t e a s n p a t c h t o f i x a c c i d e n t a l r e v e r s a l o f a l o g i c c h e c k b r > b r > [ 0 . 9 . 6 b - 2 7 ] b r > - u p d a t e a s n p a t c h t o r e d u c e c h a n c e t h a t c o m p i l e r o p t i m i z a t i o n w i l l r e m o v e b r > o n e o f t h e a d d e d t e s t s b r > b r > [ 0 . 9 . 6 b - 2 6 ] b r > - r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 5 ] b r > - a d d p a t c h t o f i x A S N . 1 v u l n e r a b i l i t i e s b r > b r > [ 0 . 9 . 6 b - 2 4 ] b r > - a d d b a c k p o r t o f B e n L a u r i e ' s p a t c h e s f o r O p e n S S L 0 . 9 . 6 d b r > b r > [ 0 . 9 . 6 b - 2 3 ] b r > - o w n { _ d a t a d i r } / s s l / m i s c b r > b r > * F r i J u n 2 1 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > * S u n M a y 2 6 2 0 0 2 T i m P o w e r s t i m p @ r e d h a t . c o m > b r > - a u t o m a t e d r e b u i l d b r > b r > [ 0 . 9 . 6 b - 2 0 ] b r > - f r e e r i d e t h r o u g h t h e b u i l d s y s t e m ( w h e e ! ) b r > b r > [ 0 . 9 . 6 b - 1 9 ] b r > - r e b u i l d i n n e w e n v i r o n m e n t b r > b r > [ 0 . 9 . 6 b - 1 7 , 0 . 9 . 6 b - 1 8 ] b r > - m e r g e R H L - s p e c i f i c b i t s i n t o s t r o n g h o l d p a c k a g e , r e n a m e b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 2 ] b r > - a d d s u p p o r t f o r C h r y s a l i s L u n a t o k e n b r > b r > * T u e M a r 2 6 2 0 0 2 G a r y B e n s o n g b e n s o n @ r e d h a t . c o m > b r > - d i s a b l e A E P r a n d o m n u m b e r g e n e r a t i o n , o t h e r A E P f i x e s b r > b r > [ 0 . 9 . 6 b - 1 5 ] b r > - o n l y b u i l d s u b p a c k a g e s o n p r i m a r y a r c h e s b r > b r > [ 0 . 9 . 6 b - 1 3 ] b r > - o n i a 3 2 , o n l y d i s a b l e u s e o f a s s e m b l e r o n i 3 8 6 b r > - e n a b l e a s s e m b l y o n i a 6 4 b r > b r > [ 0 . 9 . 6 b - 1 1 ] b r > - f i x s p a r c v 9 e n t r y b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 c - 1 ] b r > - u p g r a d e t o 0 . 9 . 6 c b r > - b u m p B u i l d A r c h t o i 6 8 6 a n d e n a b l e a s s e m b l e r o n a l l p l a t f o r m s b r > - s y n c h r o n i s e w i t h s h r i m p y a n d r a w h i d e b r > - b u m p s o v e r s i o n t o 3 b r > b r > * W e d O c t 1 0 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - d e l e t e B N _ L L O N G f o r s 3 9 0 x , p a t c h f r o m O l i v e r P a u k s t a d t b r > b r > [ 0 . 9 . 6 b - 9 ] b r > - u p d a t e A E P d r i v e r p a t c h b r > b r > * M o n S e p 1 0 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t R N G d i s a b l i n g p a t c h t o m a t c h v e r s i o n o f p a t c h f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 8 ] b r > - d i s a b l e t h e R N G i n t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 7 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 6 ] b r > - t w e a k s t o t h e u b s e c e n g i n e d r i v e r b r > b r > [ 0 . 9 . 6 b - 5 ] b r > - u p d a t e u b s e c e n g i n e d r i v e r f r o m B r o a d c o m b r > b r > [ 0 . 9 . 6 b - 4 ] b r > - m o v e m a n p a g e s b a c k t o % { _ m a n d i r } / m a n ? / f o o . ? s s l f r o m b r > % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > - a d d a n [ e n g i n e ] s e c t i o n t o t h e d e f a u l t c o n f i g u r a t i o n f i l e b r > b r > * T h u A u g 0 9 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a p a t c h f o r s e l e c t i n g a d e f a u l t e n g i n e i n S S L _ l i b r a r y _ i n i t ( ) b r > b r > [ 0 . 9 . 6 b - 3 ] b r > - a d d p a t c h e s f o r A E P h a r d w a r e s u p p o r t b r > - a d d p a t c h t o k e e p t r y i n g w h e n w e f a i l t o l o a d a c e r t f r o m a f i l e a n d b r > t h e r e a r e m o r e i n t h e f i l e b r > - a d d m i s s i n g p r o t o t y p e f o r E N G I N E _ u b s e c ( ) i n e n g i n e _ i n t . h b r > b r > [ 0 . 9 . 6 b - 2 ] b r > - a c t u a l l y a d d h w _ u b s e c t o t h e e n g i n e l i s t b r > b r > * T u e J u l 1 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d i n t h e h w _ u b s e c d r i v e r f r o m C V S b r > b r > [ 0 . 9 . 6 b - 1 ] b r > - u p d a t e t o 0 . 9 . 6 b b r > b r > * T h u J u l 0 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e . s o s y m l i n k s b a c k t o % { _ l i b d i r } b r > b r > * T u e J u l 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e s h a r e d l i b r a r i e s t o / l i b ( # 3 8 4 1 0 ) b r > b r > * M o n J u n 2 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s w i t c h t o e n g i n e c o d e b a s e b r > b r > * M o n J u n 1 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s c r i p t f o r c r e a t i n g d u m m y c e r t i f i c a t e s b r > - m o v e m a n p a g e s f r o m % { _ m a n d i r } / m a n ? / f o o . ? s s l t o % { _ m a n d i r } / m a n ? s s l / f o o . ? b r > b r > * T h u J u n 0 7 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d s 3 9 0 x s u p p o r t b r > b r > * F r i J u n 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c h a n g e t w o m e m c p y ( ) c a l l s t o m e m m o v e ( ) b r > - d o n ' t d e f i n e L _ E N D I A N o n a l p h a b r > b r > [ s t r o n g h o l d - 0 . 9 . 6 a - 1 ] b r > - A d d ' s t r o n g h o l d - ' p r e f i x t o p a c k a g e n a m e s . b r > - O b s o l e t e s t a n d a r d o p e n s s l p a c k a g e s . b r > b r > * W e d M a y 1 6 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - A d d B u i l d A r c h : i 5 8 6 a s p e r N a l i n ' s a d v i c e . b r > b r > * T u e M a y 1 5 2 0 0 1 J o e O r t o n j o r t o n @ r e d h a t . c o m > b r > - E n a b l e a s s e m b l e r o n i x 8 6 ( u s i n g n e w . t a r . b z 2 w h i c h d o e s b r > i n c l u d e t h e a s m d i r e c t o r i e s ) . b r > b r > * T u e M a y 1 5 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u b p a c k a g e s d e p e n d o n t h e m a i n p a c k a g e b r > b r > * T u e M a y 0 1 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d j u s t t h e h o b b l e s c r i p t t o n o t d i s t u r b s y m l i n k s i n i n c l u d e / ( f i x f r o m b r > J o e O r t o n ) b r > b r > * F r i A p r 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d r o p t h e m 2 c r y p o p a t c h w e w e r e n ' t u s i n g b r > b r > * T u e A p r 2 4 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - c o n f i g u r e u s i n g ' s h a r e d ' a s w e l l b r > b r > * S u n A p r 0 8 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 a b r > - u s e t h e b u i l d - s h a r e d t a r g e t t o b u i l d s h a r e d l i b r a r i e s b r > - b u m p t h e s o v e r s i o n t o 2 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h b r > o u r 0 . 9 . 5 a p a c k a g e s o r o u r 0 . 9 . 6 p a c k a g e s b r > - d r o p t h e p a t c h f o r m a k i n g r s a t e s t a n o - o p w h e n r s a n u l l s u p p o r t i s u s e d b r > - p u t a l l m a n p a g e s i n t o s e c t i o n > s s l i n s t e a d o f s e c t i o n > b r > - b r e a k t h e m 2 c r y p t o m o d u l e s i n t o a s e p a r a t e p a c k a g e b r > b r > * T u e M a r 1 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e B N _ L L O N G o n s 3 9 0 b r > b r > * M o n M a r 1 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e s 3 9 0 c h a n g e s f o r 0 . 9 . 6 ( i s n ' t s u p p o s e d t o b e m a r k e d a s 6 4 - b i t ) b r > b r > * S a t M a r 0 3 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e c _ r e h a s h t o t h e p e r l s u b p a c k a g e , b e c a u s e i t ' s a p e r l s c r i p t n o w b r > b r > * F r i M a r 0 2 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 6 b r > - e n a b l e M D 2 b r > - u s e t h e l i b c r y p t o . s o a n d l i b s s l . s o t a r g e t s t o b u i l d s h a r e d l i b s w i t h b r > - b u m p t h e s o v e r s i o n t o 1 b e c a u s e w e ' r e n o l o n g e r c o m p a t i b l e w i t h a n y o f b r > t h e v a r i o u s 0 . 9 . 5 a p a c k a g e s c i r c u l a t i n g a r o u n d , w h i c h p r o v i d e l i b * . s o . 0 b r > b r > * W e d F e b 2 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - c h a n g e h o b b l e - o p e n s s l f o r d i s a b l i n g M D 2 a g a i n b r > b r > * T u e F e b 2 7 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e - d i s a b l e M D 2 - - t h e E V P _ M D _ C T X s t r u c t u r e w o u l d g r o w f r o m 1 0 0 t o 1 5 2 b r > b y t e s o r s o , c a u s i n g E V P _ D i g e s t I n i t ( ) t o z e r o o u t s t a c k v a r i a b l e s i n b r > a p p s b u i l t a g a i n s t a v e r s i o n o f t h e l i b r a r y w i t h o u t i t b r > b r > * M o n F e b 2 6 2 0 0 1 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e s o m e i n l i n e a s s e m b l y , w h i c h o n x 8 6 i s P e n t i u m - s p e c i f i c b r > - r e - e n a b l e M D 2 ( s e e h t t p : / / w w w . i e t f . o r g / i e t f / I P R / R S A - M D - a l l ) b r > b r > * T h u F e b 0 8 2 0 0 1 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - f i x s 3 9 0 p a t c h b r > b r > * F r i D e c 0 8 2 0 0 0 T h a n N g o t h a n @ r e d h a t . c o m > b r > - a d d e d s u p p o r t s 3 9 0 b r > b r > * M o n N o v 2 0 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e - W a , * a n d - m * c o m p i l e r f l a g s f r o m t h e d e f a u l t C o n f i g u r e f i l e ( # 2 0 6 5 6 ) b r > - a d d t h e C A . p l m a n p a g e t o t h e p e r l s u b p a c k a g e b r > b r > * T h u N o v 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a l w a y s b u i l d w i t h - m c p u = e v 5 o n a l p h a b r > b r > * T u e O c t 3 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a s y m l i n k f r o m c e r t . p e m t o c a - b u n d l e . c r t b r > b r > * W e d O c t 2 5 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d a c a - b u n d l e f i l e f o r p a c k a g e s l i k e S a m b a t o r e f e r e n c e f o r C A c e r t i f i c a t e s b r > b r > * T u e O c t 2 4 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - r e m o v e l i b c r y p t o ' s c r y p t ( ) , w h i c h d o e s n ' t h a n d l e m d 5 c r y p t ( # 1 9 2 9 5 ) b r > b r > * M o n O c t 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d u n z i p a s a b u i l d p r e r e q ( # 1 7 6 6 2 ) b r > - u p d a t e m 2 c r y p t o t o 0 . 0 5 - s n a p 4 b r > b r > * T u e S e p 2 6 2 0 0 0 B i l l N o t t i n g h a m n o t t i n g @ r e d h a t . c o m > b r > - f i x s o m e i s s u e s i n b u i l d i n g w h e n i t ' s n o t i n s t a l l e d b r > b r > * W e d S e p 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m a k e s u r e t h e h e a d e r s w e i n c l u d e a r e t h e o n e s w e b u i l t w i t h ( a a a a a r r g h ! ) b r > b r > * F r i S e p 0 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - a d d R i c h a r d H e n d e r s o n ' s p a t c h f o r B N o n i a 6 4 b r > - c l e a n u p t h e c h a n g e l o g b r > b r > * T u e A u g 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - f i x t h e b u i l d i n g o f p y t h o n m o d u l e s w i t h o u t o p e n s s l - d e v e l a l r e a d y i n s t a l l e d b r > b r > * W e d A u g 2 3 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b y t e - c o m p i l e p y t h o n e x t e n s i o n s w i t h o u t t h e b u i l d - r o o t b r > - a d j u s t t h e m a k e f i l e t o n o t r e m o v e t e m p o r a r y f i l e s ( l i k e . k e y f i l e s w h e n b r > b u i l d i n g . c s r f i l e s ) b y m a r k i n g t h e m a s . P R E C I O U S b r > b r > * S a t A u g 1 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - b r e a k o u t p y t h o n e x t e n s i o n s i n t o a s u b p a c k a g e b r > b r > * M o n J u l 1 7 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e m a k e f i l e s o m e m o r e b r > b r > * T u e J u l 1 1 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D 2 s u p p o r t b r > b r > * T h u J u l 0 6 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - d i s a b l e M D C 2 s u p p o r t b r > b r > * S u n J u l 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - t w e a k t h e d i s a b l i n g o f R C 5 , I D E A s u p p o r t b r > - t w e a k t h e m a k e f i l e b r > b r > * T h u J u n 2 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - s t r i p b i n a r i e s a n d l i b r a r i e s b r > - r e w o r k c e r t i f i c a t e m a k e f i l e t o h a v e t h e r i g h t p a r t s f o r A p a c h e b r > b r > * W e d J u n 2 8 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u s e % { _ p e r l } i n s t e a d o f / u s r / b i n / p e r l b r > - d i s a b l e a l p h a u n t i l i t p a s s e s i t s o w n t e s t s u i t e b r > b r > * F r i J u n 0 9 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - m o v e t h e p a s s w d . 1 m a n p a g e o u t o f t h e p a s s w d p a c k a g e ' s w a y b r > b r > * F r i J u n 0 2 2 0 0 0 N a l i n D a h y a b h a i n a l i n @ r e d h a t . c o m > b r > - u p d a t e t o 0 . 9 . 5 a , m o d i f i e d f o r U . S . b r > - a d d p e r l a s a b u i l d - t i m e r e q u i r e m e n t b r > - m o v e c e r t i f i c a t e m a k e f i l e t o a n o t h e r p a c k a g e b r > - d i s a b l e R C 5 , I D E A , R S A s u p p o r t b r > - r e m o v e o p t i m i z a t i o n s f o r n o w b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - B e r o t o l d m e t o m o v e t h e M a k e f i l e i n t o t h i s p a c k a g e b r > b r > * W e d M a r 0 1 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - a d d l i b * . s o s y m l i n k s t o l i n k d y n a m i c a l l y a g a i n s t s h a r e d l i b s b r > b r > * T u e F e b 2 9 2 0 0 0 F l o r i a n L a R o c h e F l o r i a n . L a R o c h e @ r e d h a t . d e > b r > - u p d a t e t o 0 . 9 . 5 b r > - r u n l d c o n f i g d i r e c t l y i n p o s t / p o s t u n b r > - a d d F A Q b r > b r > * S a t D e c 1 8 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - F i x b u i l d o n n o n - x 8 6 p l a t f o r m s b r > b r > * F r i N o v 1 2 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - m o v e / u s r / s h a r e / s s l / * f r o m - d e v e l t o m a i n p a c k a g e b r > b r > * T u e O c t 2 6 1 9 9 9 B e r n h a r d R o s e n k r d n z e r b e r o @ r e d h a t . d e > b r > - i n i t a l p a c k a g i n g b r > - c h a n g e s f r o m b a s e : b r > - M o v e / u s r / l o c a l / s s l t o / u s r / s h a r e / s s l f o r F H S c o m p l i a n c e b r > - h a n d l e R P M _ O P T _ F L A G S b r > o p e n s s l - 1 . 0 . 1 - b e t a 2 - r p m b u i l d . p a t c h b r > o p e n s s l - 0 . 9 . 8 a - n o - r p a t h . p a t c h / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 0 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 0 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 6 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 7 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 7 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 8 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 8 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 8 9 . h t m l \" > C V E - 2 0 1 5 - 0 2 8 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 2 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 2 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 9 3 . h t m l \" > C V E - 2 0 1 5 - 0 2 9 3 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . s r c . r p m / t d > t d > a 1 5 1 5 7 a e 5 1 c 4 9 6 a 0 f b b c e b f 3 e d 8 1 c 7 5 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 3 f e 4 0 1 6 a 2 0 6 1 6 3 0 9 f 3 6 1 8 9 5 e f f 1 a 6 b a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - d e v e l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 8 4 2 5 9 3 d f 2 9 4 e 9 b 4 a f 9 e c 8 9 e e a 2 c 3 e 7 c a / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - p e r l - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 d f b a e 8 9 0 b e 2 5 f f 1 4 c 3 e 7 a 2 6 f 5 0 5 8 a 3 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > o p e n s s l - f i p s - s t a t i c - 1 . 0 . 1 m - 2 . 0 . 1 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > a e c b 3 b 5 9 b c c b a 0 e 8 f b a 2 b 6 2 e 4 3 c c 6 a b e / t d > t d > a h r e f = # > - / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "published": "2015-04-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3022.html", "cvelist": ["CVE-2013-0166", "CVE-2012-2333", "CVE-2006-3738", "CVE-2009-1379", "CVE-2006-2940", "CVE-2006-2937", "CVE-2007-4995", "CVE-2011-4108", "CVE-2009-1377", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2006-4343", "CVE-2003-0544", "CVE-2007-3108", "CVE-2003-0543", "CVE-2011-4576", "CVE-2003-0545", "CVE-2005-2946", "CVE-2005-2969", "CVE-2006-4339", "CVE-2004-0112", "CVE-2015-0288", "CVE-2009-4355", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2010-0742", "CVE-2008-0891", "CVE-2004-0975", "CVE-2011-4619", "CVE-2003-0131", "CVE-2004-0079", "CVE-2007-5135", "CVE-2011-0014", "CVE-2009-1378", "CVE-2014-3470", "CVE-2012-4929", "CVE-2013-6450", "CVE-2012-0050", "CVE-2009-3555", "CVE-2010-1633", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4353", "CVE-2008-1672", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2012-2110", "CVE-2012-0884", "CVE-2010-3864", "CVE-2005-0109", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-0292", "CVE-2003-0078", "CVE-2003-0147", "CVE-2014-0221"], "lastseen": "2018-04-04T13:06:38"}, {"id": "ELSA-2016-3621", "type": "oraclelinux", "title": "openssl security update", "description": "[1.0.1e-48.3]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n- replace expired testing certificates\n[1.0.1e-48.1]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf\n[1.0.1e-48]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-47]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-46]\n- fix 1-byte memory leak in pkcs12 parse (#1229871)\n- document some options of the speed command (#1197095)\n[1.0.1e-45]\n- fix high-precision timestamps in timestamping authority\n[1.0.1e-44]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-43]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-42]\n- fix regression caused by mistake in fix for CVE-2015-1791\n[1.0.1e-41]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n[1.0.1e-40]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-39]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-38]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-37]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-36]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-35]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-34]\n- copy digest algorithm when handling SNI context switch\n- improve documentation of ciphersuites - patch by Hubert Kario\n- add support for setting Kerberos service and keytab in\n s_server and s_client\n[1.0.1e-33]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-32]\n- use FIPS approved method for computation of d in RSA\n[1.0.1e-31]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document", "published": "2016-09-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-3621.html", "cvelist": ["CVE-2015-4000", "CVE-2013-0166", "CVE-2014-3505", "CVE-2012-2333", "CVE-2014-3508", "CVE-2015-1792", "CVE-2014-3566", "CVE-2015-3197", "CVE-2011-4108", "CVE-2014-3572", "CVE-2016-6306", "CVE-2016-0705", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-2183", "CVE-2013-0169", "CVE-2015-0286", "CVE-2013-6449", "CVE-2016-2178", "CVE-2014-3507", "CVE-2015-3195", "CVE-2016-2108", "CVE-2011-4576", "CVE-2014-3571", "CVE-2016-0799", "CVE-2016-6302", "CVE-2014-3513", "CVE-2016-2177", "CVE-2015-0288", "CVE-2012-1165", "CVE-2011-4577", "CVE-2014-0224", "CVE-2016-2105", "CVE-2015-3194", "CVE-2016-2107", "CVE-2011-4619", "CVE-2014-3511", "CVE-2011-0014", "CVE-2014-8275", "CVE-2016-2180", "CVE-2016-0797", "CVE-2016-0702", "CVE-2014-3570", "CVE-2015-7575", "CVE-2015-3196", "CVE-2014-3470", "CVE-2014-3506", "CVE-2016-2109", "CVE-2012-4929", "CVE-2016-2181", "CVE-2016-6304", "CVE-2013-6450", "CVE-2012-0050", "CVE-2015-0293", "CVE-2010-5298", "CVE-2014-0160", "CVE-2014-8176", "CVE-2013-4353", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0209", "CVE-2014-3567", "CVE-2015-0204", "CVE-2012-2110", "CVE-2012-0884", "CVE-2015-1790", "CVE-2014-3510", "CVE-2016-2182", "CVE-2015-0287", "CVE-2011-3207", "CVE-2015-0289", "CVE-2015-3216", "CVE-2015-0292", "CVE-2015-0205", "CVE-2016-2179", "CVE-2016-2106", "CVE-2014-3509", "CVE-2015-1791", "CVE-2014-0221"], "lastseen": "2017-02-06T15:00:41"}], "slackware": [{"id": "SSA-2013-040-01", "type": "slackware", "title": "openssl", "description": "New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\n14.0, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/openssl-1.0.1d-i486-1_slack14.0.txz: Upgraded.\n Make the decoding of SSLv3, TLS and DTLS CBC records constant time.\n This addresses the flaw in CBC record processing discovered by\n Nadhem Alfardan and Kenny Paterson. Details of this attack can be found\n at: http://www.isg.rhul.ac.uk/tls/\n Thanks go to Nadhem Alfardan and Kenny Paterson of the Information\n Security Group at Royal Holloway, University of London\n (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and\n Emilia K&auml;sper for the initial patch.\n (CVE-2013-0169)\n [Emilia K&auml;sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]\n Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode\n ciphersuites which can be exploited in a denial of service attack.\n Thanks go to and to Adam Langley &lt;agl@chromium.org&gt; for discovering\n and detecting this bug and to Wolfgang Ettlinger\n &lt;wolfgang.ettlinger@gmail.com&gt; for independently discovering this issue.\n (CVE-2012-2686)\n [Adam Langley]\n Return an error when checking OCSP signatures when key is NULL.\n This fixes a DoS attack. (CVE-2013-0166)\n [Steve Henson]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz: Upgraded.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8y-i486-1_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8y-i486-1_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8y-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8y-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8y-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8y-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8y-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8y-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8y-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8y-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8y-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1d-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1d-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1d-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1d-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1d-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1d-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 packages:\n5193bca00070ccac309ea3384e67a657 openssl-0.9.8y-i486-1_slack12.1.tgz\n76fb6bede444b059e575777092c78575 openssl-solibs-0.9.8y-i486-1_slack12.1.tgz\n\nSlackware 12.2 packages:\n5a3167936ba69442a795ed62f1ec29b2 openssl-0.9.8y-i486-1_slack12.2.tgz\ned20f551e0912a5f708da9a3c4d7ac5e openssl-solibs-0.9.8y-i486-1_slack12.2.tgz\n\nSlackware 13.0 packages:\nf059432e11a6b17643e7b8f1d78c5ce3 openssl-0.9.8y-i486-1_slack13.0.txz\n46c623b2e58053d308b3d9eb735be26b openssl-solibs-0.9.8y-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n4fb6f07f85ec4ea26cc67d8b1c037fa9 openssl-0.9.8y-x86_64-1_slack13.0.txz\n55bafd74f182806b1dcd076f31683743 openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n9713a64881622c63d0756ec9a5914980 openssl-0.9.8y-i486-1_slack13.1.txz\n5d8e3984389bd080bc37b9d1276c7a7d openssl-solibs-0.9.8y-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n821c76387f3ffa388af9e5bf81185758 openssl-0.9.8y-x86_64-1_slack13.1.txz\nb6d525a53b4cda641166f19ee70a9650 openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5195be05b85f5eb2bd4bf9ebf0a73ff9 openssl-0.9.8y-i486-1_slack13.37.txz\n5248a839148fa91de52361335dc051f5 openssl-solibs-0.9.8y-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n15e13676d0def5f0dac1e7a4704e0016 openssl-0.9.8y-x86_64-1_slack13.37.txz\nd4e5bd308d2e918c6bd7616343370c49 openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n736ca80a05b57a6f9bf2821405757466 openssl-1.0.1d-i486-1_slack14.0.txz\n32aba4ad2fb26b5fb38fc4e5016dbc0f openssl-solibs-1.0.1d-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n8c227f3b54e4650971e965d64d99713b openssl-1.0.1d-x86_64-1_slack14.0.txz\n6dbd931a3718de68d42f20db99c4f578 openssl-solibs-1.0.1d-x86_64-1_slack14.0.txz\n\nSlackware -current packages:\n9a8de5df0464c0c9e2032edba2ffbd61 a/openssl-solibs-1.0.1d-i486-1.txz\nb4a36988d1c355041d2179d5f7190c92 n/openssl-1.0.1d-i486-1.txz\n\nSlackware x86_64 -current packages:\n35e1b575b406bc8a646f620467d4a27d a/openssl-solibs-1.0.1d-x86_64-1.txz\n063e0baf782651bdcab8c56f30df651d n/openssl-1.0.1d-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1d-i486-1_slack14.0.txz openssl-solibs-1.0.1d-i486-1_slack14.0.txz", "published": "2013-02-09T15:03:57", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.839296", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-2686"], "lastseen": "2018-02-02T18:11:39"}], "ubuntu": [{"id": "USN-1732-1", "type": "ubuntu", "title": "OpenSSL vulnerabilities", "description": "Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686)\n\nStephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-0166)\n\nNadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the \u201cLucky Thirteen\u201d issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)", "published": "2013-02-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1732-1/", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-2686"], "lastseen": "2018-03-29T18:18:39"}], "centos": [{"id": "CESA-2013:0587", "type": "centos", "title": "openssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0587\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nNote: This update disables zlib compression, which was previously enabled\nin OpenSSL by default. Applications using OpenSSL now need to explicitly\nenable zlib compression to use it.\n\nIt was found that OpenSSL read certain environment variables even when used\nby a privileged (setuid or setgid) application. A local attacker could use\nthis flaw to escalate their privileges. No application shipped with Red Hat\nEnterprise Linux 5 and 6 was affected by this problem. (BZ#839735)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the\nsystem rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000819.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0587.html", "published": "2013-03-04T22:46:45", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000819.html", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-4929"], "lastseen": "2018-04-04T13:00:26"}], "amazon": [{"id": "ALAS-2013-171", "type": "amazon", "title": "Medium: openssl", "description": "**Issue Overview:**\n\nIt was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. ([CVE-2013-0169 __](<https://access.redhat.com/security/cve/CVE-2013-0169>))\n\nA NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. ([CVE-2013-0166 __](<https://access.redhat.com/security/cve/CVE-2013-0166>))\n\nIt was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. ([CVE-2012-4929 __](<https://access.redhat.com/security/cve/CVE-2012-4929>))\n\nNote: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.0k-1.48.amzn1.i686 \n openssl-static-1.0.0k-1.48.amzn1.i686 \n openssl-1.0.0k-1.48.amzn1.i686 \n openssl-debuginfo-1.0.0k-1.48.amzn1.i686 \n openssl-perl-1.0.0k-1.48.amzn1.i686 \n \n src: \n openssl-1.0.0k-1.48.amzn1.src \n \n x86_64: \n openssl-debuginfo-1.0.0k-1.48.amzn1.x86_64 \n openssl-1.0.0k-1.48.amzn1.x86_64 \n openssl-devel-1.0.0k-1.48.amzn1.x86_64 \n openssl-perl-1.0.0k-1.48.amzn1.x86_64 \n openssl-static-1.0.0k-1.48.amzn1.x86_64 \n \n \n", "published": "2013-03-14T22:04:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-171.html", "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2012-4929"], "lastseen": "2016-09-28T21:04:06"}], "redhat": [{"id": "RHSA-2013:0587", "type": "redhat", "title": "(RHSA-2013:0587) Moderate: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nNote: This update disables zlib compression, which was previously enabled\nin OpenSSL by default. Applications using OpenSSL now need to explicitly\nenable zlib compression to use it.\n\nIt was found that OpenSSL read certain environment variables even when used\nby a privileged (setuid or setgid) application. A local attacker could use\nthis flaw to escalate their privileges. No application shipped with Red Hat\nEnterprise Linux 5 and 6 was affected by this problem. (BZ#839735)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the\nsystem rebooted.\n", "published": "2013-03-04T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0587", "cvelist": ["CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169"], "lastseen": "2018-06-06T18:05:23"}, {"id": "RHSA-2014:0416", "type": "redhat", "title": "(RHSA-2014:0416) Important: rhevm-spice-client security update", "description": "Red Hat Enterprise Virtualization Manager provides access to virtual\nmachines using SPICE. These SPICE client packages provide the SPICE client\nand usbclerk service for both Windows 32-bit operating systems and Windows\n64-bit operating systems.\n\nThe rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE\nclient. OpenSSL, a general purpose cryptography library with a TLS\nimplementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer\npackage has been updated to correct the following issues:\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server.\nNote that the disclosed portions of memory could potentially include\nsensitive information such as private keys. (CVE-2014-0160)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the way OpenSSL handled\nTLS/SSL protocol handshake packets. A specially crafted handshake packet\ncould cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nThe updated mingw-virt-viewer Windows SPICE client further includes OpenSSL\nsecurity fixes that have no security impact on mingw-virt-viewer itself.\nThe security fixes included in this update address the following CVE\nnumbers:\n\nCVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade\nto these updated packages, which address these issues.\n", "published": "2014-04-17T04:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0416", "cvelist": ["CVE-2012-2686", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160"], "lastseen": "2018-06-13T00:00:56"}, {"id": "RHSA-2013:0636", "type": "redhat", "title": "(RHSA-2013:0636) Important: rhev-hypervisor6 security and bug fix update", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-0292 (dbus-glib issue)\n\nCVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)\n\nCVE-2013-0338 (libxml2 issue)\n\nThis update contains the builds from the following errata:\n\novirt-node: RHBA-2013:0634\n https://rhn.redhat.com/errata/RHBA-2013-0634.html\nkernel: RHSA-2013:0630\n https://rhn.redhat.com/errata/RHSA-2013-0630.html\ndbus-glib: RHSA-2013:0568\n https://rhn.redhat.com/errata/RHSA-2013-0568.html\nlibcgroup: RHBA-2013:0560\n https://rhn.redhat.com/errata/RHBA-2013-0560.html\nvdsm: RHBA-2013:0635\n https://rhn.redhat.com/errata/RHBA-2013-0635.html\nselinux-policy: RHBA-2013:0618\n https://rhn.redhat.com/errata/RHBA-2013-0618.html\nqemu-kvm-rhev: RHSA-2013:0610\n https://rhn.redhat.com/errata/RHSA-2013-0610.html\nglusterfs: RHBA-2013:0620\n https://rhn.redhat.com/errata/RHBA-2013-0620.html\ngnutls: RHSA-2013:0588\n https://rhn.redhat.com/errata/RHSA-2013-0588.html\nipmitool: RHBA-2013:0572\n https://rhn.redhat.com/errata/RHBA-2013-0572.html\nlibxml2: RHSA-2013:0581\n https://rhn.redhat.com/errata/RHSA-2013-0581.html\nopenldap: RHBA-2013:0598\n https://rhn.redhat.com/errata/RHBA-2013-0598.html\nopenssl: RHSA-2013:0587\n https://rhn.redhat.com/errata/RHSA-2013-0587.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "published": "2013-03-13T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0636", "cvelist": ["CVE-2012-4929", "CVE-2012-6075", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0292", "CVE-2013-0338", "CVE-2013-0871", "CVE-2013-1619"], "lastseen": "2018-06-07T05:58:53"}], "vmware": [{"id": "VMSA-2013-0009", "type": "vmware", "title": "VMware vSphere, ESX and ESXi updates to third party libraries", "description": "a. vCenter Server and ESX userworld update for OpenSSL library \n\n\nThe userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "published": "2013-07-31T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2013-0009.html", "cvelist": ["CVE-2013-0166", "CVE-2013-0871", "CVE-2013-0268", "CVE-2013-0169", "CVE-2013-0338", "CVE-2013-2116"], "lastseen": "2016-09-04T11:19:26"}], "gentoo": [{"id": "GLSA-201312-03", "type": "gentoo", "title": "OpenSSL: Multiple Vulnerabilities", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL 1.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.0j\"\n \n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8y\"", "published": "2013-12-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201312-03", "cvelist": ["CVE-2013-0166", "CVE-2012-2333", "CVE-2006-7250", "CVE-2013-0169", "CVE-2012-1165", "CVE-2012-2686", "CVE-2012-2110", "CVE-2012-0884", "CVE-2011-1945"], "lastseen": "2016-09-06T19:47:04"}], "cert": [{"id": "VU:737740", "type": "cert", "title": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "description": "### Overview\n\nFiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o).\n\n### Description\n\nFiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier uses OpenSSL for SSL/TLS encryption. The version of OpenSSL that comes with the Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier is 0.9.8o that is out of date and known to be vulnerable. \n \n--- \n \n### Impact\n\nA remote attacker may be able to cause a denial of service or possibly run arbitrary code. \n \n--- \n \n### Solution\n\n**Apply an Update**\n\nApply patch 1-1IJ6ZK. The patch will upgrade OpenSSL to version 0.9.8x. Patch 1-1IJ6ZK can be obtained from [Xerox tech support](<http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64>). \n \n--- \n \n**Restrict access** \n \nAs a general good security practice, only allow connections from trusted hosts and networks. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEFI| | 18 Dec 2012| 18 Mar 2013 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23737740 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.9 | AV:A/AC:M/Au:N/C:P/I:P/A:C \nTemporal | 5.1 | E:U/RL:OF/RC:C \nEnvironmental | 1.0 | CDP:L/TD:L/CR:L/IR:L/AR:L \n \n### References\n\n * [http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&amp;operatingSystem;=win7x64](<http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedProduct=fiery-exp260&operatingSystem=win7x64>)\n * <https://www.openssl.org/news/vulnerabilities.html>\n * <http://w3.efi.com/Fiery>\n\n### Credit\n\nThanks to Curtis Rhodes for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n * CVE IDs: [CVE-2013-0169](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169>) [CVE-2013-0166](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166>) [CVE-2012-2333](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2333>) [CVE-2012-0884](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0884>) [CVE-2011-4619](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619>) [CVE-2011-4577](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577>) [CVE-2011-4576](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576>) [CVE-2011-4109](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4109>) [CVE-2011-4108](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108>) [CVE-2010-4180](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4180>) [CVE-2010-3864](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3864>)\n * Date Public: 18 Mar 2013\n * Date First Published: 18 Mar 2013\n * Date Last Updated: 02 May 2013\n * Document Revision: 29\n\n", "published": "2013-03-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/737740", "cvelist": ["CVE-2013-0166", "CVE-2013-0166", "CVE-2012-2333", "CVE-2012-2333", "CVE-2011-4108", "CVE-2011-4108", "CVE-2013-0169", "CVE-2013-0169", "CVE-2011-4576", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4180", "CVE-2011-4619", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-0884", "CVE-2010-3864", "CVE-2010-3864", "CVE-2011-4109", "CVE-2011-4109"], "lastseen": "2016-02-03T09:12:14"}], "suse": [{"id": "SUSE-SU-2015:0578-1", "type": "suse", "title": "Security update for compat-openssl097g (important)", "description": "OpenSSL has been updated to fix various security issues:\n\n *\n\n CVE-2014-3568: The build option no-ssl3 was incomplete.\n\n *\n\n CVE-2014-3566: Support for TLS_FALLBACK_SCSV was added.\n\n *\n\n CVE-2014-3508: An information leak in pretty printing functions was\n fixed.\n\n *\n\n CVE-2013-0166: A OCSP bad key DoS attack was fixed.\n\n *\n\n CVE-2013-0169: An SSL/TLS CBC plaintext recovery attack was fixed.\n\n *\n\n CVE-2014-3470: Anonymous ECDH denial of service was fixed.\n\n *\n\n CVE-2014-0224: A SSL/TLS MITM vulnerability was fixed.\n\n *\n\n CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect\n results on some platforms, including x86_64.\n\n *\n\n CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH\n ciphersuites with the server key exchange message omitted.\n\n *\n\n CVE-2014-8275: Fixed various certificate fingerprint issues.\n\n *\n\n CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites\n\n *\n\n CVE-2015-0205: A fix was added to prevent use of DH client\n certificates without sending certificate verify message.\n\n *\n\n CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that\n could be exploited by attackers when e.g. client authentication is used.\n This could be exploited over SSL connections.\n\n *\n\n CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed.\n This problem can not be exploited over regular SSL connections, only if\n specific client programs use specific ASN.1 routines.\n\n *\n\n CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was\n fixed, which could lead to crashes. This function is not commonly used,\n and not reachable over SSL methods.\n\n *\n\n CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed,\n which could lead to crashes of programs using the PKCS7 APIs. The SSL apis\n do not use those by default.\n\n *\n\n CVE-2015-0292: Various issues in base64 decoding were fixed, which\n could lead to crashes with memory corruption, for instance by using\n attacker supplied PEM data.\n\n *\n\n CVE-2015-0293: Denial of service via reachable assert in SSLv2\n servers, could be used by remote attackers to terminate the server\n process. Note that this requires SSLv2 being allowed, which is not the\n default.\n\n", "published": "2015-03-24T00:05:09", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "cvelist": ["CVE-2013-0166", "CVE-2014-3508", "CVE-2014-3566", "CVE-2014-3572", "CVE-2013-0169", "CVE-2015-0286", "CVE-2015-0288", "CVE-2014-0224", "CVE-2014-8275", "CVE-2014-3570", "CVE-2014-3470", "CVE-2015-0293", "CVE-2015-0204", "CVE-2015-0287", "CVE-2015-0289", "CVE-2014-3568", "CVE-2015-0292", "CVE-2015-0205"], "lastseen": "2016-09-04T11:23:40"}, {"id": "OPENSUSE-SU-2016:0640-1", "type": "suse", "title": "Security update for libopenssl0_9_8 (important)", "description": "This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-0800 aka the &quot;DROWN&quot; attack (bsc#968046): OpenSSL was\n vulnerable to a cross-protocol attack that could lead to decryption of\n TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites\n as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to:\n\n * Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable\n &quot;OPENSSL_ALLOW_SSL2&quot; or by using SSL_CTX_clear_options using the\n SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL\n protocol 2 by default previously.\n\n * Disable all weak EXPORT ciphers by default. These can be reenabled if\n required by old legacy software using the environment variable\n &quot;OPENSSL_ALLOW_EXPORT&quot;.\n\n - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions\n had a bug that could result in an attempt to de-reference a NULL pointer\n leading to crashes. This could have security consequences if these\n functions were ever called by user applications with large untrusted\n hex/decimal data. Also, internal usage of these functions in OpenSSL\n uses data from config files or application command line arguments. If\n user developed applications generated config file data based on\n untrusted data, then this could have had security consequences as well.\n\n - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr()\n and doapr_outch() functions could miscalculate the length of a string\n and attempt to access out-of-bounds memory locations. These problems\n could have enabled attacks where large amounts of untrusted data is\n passed to the BIO_*printf functions. If applications use these functions\n in this way then they could have been vulnerable. OpenSSL itself uses\n these functions when printing out human-readable dumps of ASN.1 data.\n Therefore applications that print this data could have been vulnerable\n if the data is from untrusted sources. OpenSSL command line applications\n could also have been vulnerable when they print out ASN.1 data, or if\n untrusted data is passed as command line arguments. Libssl is not\n considered directly vulnerable.\n\n\n - The package was updated to 0.9.8zh:\n * fixes many security vulnerabilities (not seperately listed):\n CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\n CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287,\n CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,\n CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204,\n CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568,\n CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,\n CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221,\n CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169,\n CVE-2013-0166\n\n - avoid running OPENSSL_config twice. This avoids breaking engine loading.\n (boo#952871, boo#967787)\n\n - fix CVE-2015-3197 (boo#963415)\n * SSLv2 doesn't block disabled ciphers\n\n", "published": "2016-03-03T14:11:44", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "cvelist": ["CVE-2013-0166", "CVE-2014-3505", "CVE-2014-3508", "CVE-2015-1792", "CVE-2014-3566", "CVE-2015-3197", "CVE-2014-3572", "CVE-2015-1789", "CVE-2013-0169", "CVE-2015-0286", "CVE-2014-3507", "CVE-2015-3195", "CVE-2014-3571", "CVE-2014-0076", "CVE-2016-0799", "CVE-2015-0288", "CVE-2014-0224", "CVE-2014-8275", "CVE-2016-0797", "CVE-2014-3570", "CVE-2014-3470", "CVE-2014-3506", "CVE-2015-0293", "CVE-2015-1788", "CVE-2014-0195", "CVE-2015-0209", "CVE-2014-3567", "CVE-2015-0204", "CVE-2016-0800", "CVE-2015-1790", "CVE-2014-3510", "CVE-2015-0287", "CVE-2015-0289", "CVE-2014-3568", "CVE-2014-3569", "CVE-2015-1791", "CVE-2014-0221"], "lastseen": "2016-09-04T12:32:46"}]}}