Fedora 12 Update: openssl-1.0.0-0.13.beta4.fc12

updates at fedoraproject.org
Fri Nov 20 05:22:46 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11779
2009-11-20 04:24:44
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 12
Version     : 1.0.0
Release     : 0.13.beta4.fc12
URL         : http://www.openssl.org/
Summary     : A general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Update to a current beta version.

The update also contains changes for CVE-2009-3555; however, it does not prevent
the unsafe renegotiation for servers which use SSL_OP_ALL. The majority of
applications do this. Preventing the unsafe renegotiation by default might break
some protocols which depend on working renegotiation.

The update also disables enforcement of the new safe renegotiation extension on
the client, as the extension is not yet supported by the deployed servers.

It still might break applications which need legacy renegotiation to work, but
they should use the SSL_OP_ALL option to allow this.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 18 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.13.beta4
- disable enforcement of the renegotiation extension on the client (#537962)
- add fixes from the current upstream snapshot
* Fri Nov 13 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.12.beta4
- keep the beta status in version number at 3 so we do not have to rebuild
  openssh and possibly other dependencies with too strict version check
* Thu Nov 12 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.11.beta4
- update to new upstream version, no soname bump needed 
- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used
  so the compatibility with unfixed clients is not broken. The
  protocol extension is also not final.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #537962 - alpine: ssl/tls negotiation has failed
        https://bugzilla.redhat.com/show_bug.cgi?id=537962
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------



