| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: openssl-support | Distribution: Trustix Secure Linux |
| Version: 0.9.7e | Vendor: Comodo Trustix |
| Release: 8tr | Build date: Fri Sep 29 20:22:44 2006 |
| Group: Trustix Official | Build host: ttrmgtnived.comodo.net |
| Size: 12923 | Source RPM: openssl-0.9.7e-8tr.src.rpm |
| Packager: Comodo Trustix <http://www.trustix.com> | |
| Url: http://www.openssl.org | |
| Summary: Secure Sockets Layer communications support utilities. | |
A C library that provides various crytographic algorithms and protocols, including DES, RC4, RSA, and SSL. Includes support utilities.
BSD-like
* Fri Sep 29 2006 Nived Gopalan <nived at trustix dot org> 0.9.7e-8tr
- SECURITY Fix: Dr. S. N. Henson has discovered vulnerabilities in
OpenSSL which could be exploited by attackers to cause denial of
service.
- During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory.
- Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack.
- Tavis Ormandy and Will Drewry of the Google Security Team has
discovered the following two vulnerabilities in OpenSSL :
- Fix buffer overflow in SSL_get_shared_ciphers() utility function
which could allow an attacker to send a list of ciphers to an
application that uses it and overrun a buffer.
- A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a
malicious server, that server could cause the client to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738
and CVE-2006-4343 to these issues.
* Wed Sep 06 2006 Bipin S <bipin at trustix dot org> 0.9.7e-7tr
- New Upstream.
- SECURITY FIX: A vulnerability has been identified which could be exploited
by attackers to bypass security restrictions. This flaw is due to an error
when handling and verifying RSA keys with exponent 3, which could be
exploited by attackers to forge PKCS #1 v1.5 signatures and bypass
security verifications.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-4339.
* Wed Oct 12 2005 Ajith Thampi <ajith at comodo dot com> 0.9.7e-6tr
- SECURITY Fix: Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
(part of SSL_OP_ALL). This option used to disable the countermeasure
against man-in-the-middle protocol-version rollback in the SSL 2.0 server
implementation, which is a bad idea.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-2969
* Thu Jun 09 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 0.9.7e-5tr
- Security Fix: Colin Percival reported a cache timing attack that could be used to
allow a malicious local user to gain portions of cryptographic keys. The OpenSSL
library has been patched to add a new fixed-window mod_exp implementation as
default for RSA, DSA, and DH private key operations. The patch was designed to
mitigate cache timing and possibly related attacks.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0109 to this issue.
* Tue Nov 09 2004 Oystein Viggen <oysteivi at trustix dot com> 0.9.7e-4tr
- Rebuild with correct permissions
* Tue Nov 09 2004 Oystein Viggen <oysteivi at trustix dot com> 0.9.7e-3tr
- Fix symlink problems for .so in devel package
* Thu Nov 04 2004 Oystein Viggen <oysteivi at trustix dot com> 0.9.7e-2tr
- Remove der_chop
* Thu Oct 28 2004 Erlend Midttun <erlendbm at trustix dot com> 0.9.7e-1tr
- New upstream.
* Thu Sep 09 2004 Erlend Midttun <erlendbm at trustix dot com> 0.9.7d-1tr
- New upstream.
* Tue Jun 22 2004 Chr. Toldnes <christht at trustix dot org> 0.9.7c-13tr
- Merge changes from 0.9.7c-11tr
* Wed Jun 02 2004 Chr. Toldnes <christht at trustix dot org> 0.9.7c-12tr
- Take a step back.
* Tue Mar 16 2004 Oystein Viggen <oysteivi at trustix dot com> 0.9.7c-5tr
- Patch two potential DoS holes:
CAN-2004-0079, CAN-2004-0112
* Wed Nov 26 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7c-2tr
- Big rebuild
* Tue Sep 30 2003 Chr. Toldnes <christht at tawie dot org> 0.9.7c-1tsl
- upstrema security fixes
* Mon Jun 23 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7b-3tr
- Added %defattr.
* Wed Jun 18 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7b-2tr
- Big rebuild
* Fri May 23 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7b-1em
- New upstream.
* Mon Mar 24 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7a-4em
- Rebuilt against glibc 2.3.2.
* Thu Mar 20 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7a-3em
- Apply patch against the blinding attack known as CAN-2003-0147
- Apply patch against the Klima-Pokorny-Rose attack. CAN-2003-131
* Thu Feb 27 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7a-2em
- Make setup quiet.
* Thu Feb 20 2003 Christian H. Toldnes <christht at trustix dot org> 0.9.7a-1ct
- Upstream securityfix
- move *.so to devel
- finally openssl seems backwards compatible between 0.9.7 and 0.9.7{a-z}
* Thu Feb 13 2003 Erlend Midttun <erlendbm at trustix dot com> 0.9.7-3em
- Fix include of non-exported file e_os.h
* Wed Jan 29 2003 Goetz Bock <bock at trustix dot org> 0.9.7-2bg
- added patch to use perl from /usr/bin/perl (patch2)
- renamed passwd to passwd_openssl (patch3), as shadow-utils
provides passwd
- removed MD5.3 manpage, as it conflicts with perl
- removed doc/* from %doc, as all the files are included as man pages
* Thu Jan 16 2003 Gerald Dachs <gda at trustix dot org> 0.9.7-1gd
- new upstream version (bug 16)
- swig 1.3.17
- m2crypto 0.09
- changed target cpu
- rsaref disappeared, removed files
- changed types for python extension (Patch 1)
- removed c++ patch
* Tue Dec 24 2002 Gerald Dachs <gda at trustix dot org> 0.9.6h-1gd
- new upstream version
* Wed Sep 18 2002 Roland Kruse <rolandk at trustix dot com> 0.9.6g-3rk
- Small patch to make des.h usable with C++ (Patch0)
* Fri Sep 13 2002 Erlend Midttun <erlendbm at trustix dot com>
- Added BuildReq python-devel
- Changed include to remove -I.../openssl
* Mon Aug 12 2002 Christian H. Toldnes <christht at trustix dot com> 0.9.6g-1ct
- New upstream version fixes many security issues.
* Wed Jul 10 2002 Christian H. Toldnes <christht at trustix dot com> 0.9.6d-2ct
- Added Provides: libssl.so, libssl.so.0, ect <-- ugly, must fix this later.
- License: BSD-like
* Fri May 31 2002 Christian H. Toldnes <christht at trustix dot com>
- Update: openssl-0.9.6d, swig-1.3.6, m2crypto_0.07-snap3
* Wed Jul 11 2001 Oystein Viggen <oysteivi at trustix dot com>
- Patch a security hole in the prng
* Mon Jun 25 2001 Oystein Viggen <oysteivi at trustix dot com>
- Split off a -support package to remove perl dependancy from main package
* Thu Jun 07 2001 Erlend Midttun <erlendbm at trustix dot com>
- Added a few patches to fix a few issues with 0.9.6. Would upgrade
to 0.9.6a, but that seem to break a load of packages. Patches are
from Engarde, not sure where they got them.
* Wed Mar 07 2001 Alexander Reelsen <ar at trustix dot com>
- Moved libssl.so files completely out of openssl-devel
* Fri Feb 09 2001 Olaf Trygve Berglihn <olafb at trustix dot com>
- Added openssl-python - the python M2Crypto bindings.
* Wed Nov 22 2000 Erlend Midttun <erlendbm at trustix dot com>
- Updated to 0.9.6
* Mon Sep 04 2000 Per Ivar Paulsen <perp at trustix dot com>
- Fixed man bug. openssl.cnf path fix.
* Thu May 18 2000 Erlend Midttun <erlendbm at trustix dot com>
- Updated to version 0.9.5a
* Thu Mar 02 2000 Lars Gaarden <larsg at trustix dot com>
- moved openssl.cnf back to /etc/ssl
* Thu Feb 03 2000 Tore Olsen <toreo at trustix dot com>
- updated to 0.9.4
* Thu Jun 03 1999 Greg LaPolla <glapolla@hotmail.com>
- Added shared lib copy stuff
* Tue Jun 01 1999 Greg LaPolla <glapolla@hotmail.com>
- Created SPEC and patches specific to rh6
/usr/bin/CA.pl /usr/bin/CA.sh /usr/bin/c_hash /usr/bin/c_info /usr/bin/c_issuer /usr/bin/c_name /usr/bin/c_rehash
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon May 20 05:14:22 2013