Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#4523 closed task (fixed)

openssl-1.1.1d

Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: high
Milestone: 9.1
Component: Book
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:3 by Bruce Dubbs, 5 years ago

Priority: normal → high

Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]

  • Fixed a fork protection issue (CVE-2019-1549)
    • LFS Note: Base Score: 5.3 MEDIUM; Impact Score: 1.4; Exploitability Score: 3.9
  • Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
    • Base Score: 3.7 LOW; Impact Score: 1.4; Exploitability Score: 2.2
  • For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters
  • Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
    • Base Score: 4.7 MEDIUM; Impact Score: 3.6; Exploitability Score: 1.0
  • Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems
  • Correct the extended master secret constant on EBCDIC systems
  • Use Windows installation paths in the mingw builds (CVE-2019-1552)
    • LFS N/A
  • Changed DH_check to accept parameters with order q and 2q subgroups
  • Significantly reduce secure memory usage by the randomness pools
  • Revert the DEVRANDOM_WAIT feature for Linux systems

comment:4 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: new → closed

Fixed at revision 11672.

comment:5 by Xi Ruoyao, 5 years ago

On my BLFS system 20-test_enc.t fails while I'm using a normal user. And this issue has been reported and fixed upstream:

https://github.com/openssl/openssl/issues/9866

Can someone reconfirm or disconfirm it?
