The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7e5dc8aef7 chromium-119.0.6045.159-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c906d04ee golang-1.20.10-3.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing openssl11-1.1.1k-6.el7 Details about builds: ================================================================================ openssl11-1.1.1k-6.el7 (FEDORA-EPEL-2023-a371f42add) Utilities from the general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information: - backport from 1.1.1k-11: Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 - backport from 1.1.1k-10: Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 - backport from 1.1.1k-10: Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 25 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.1.1k-6 - backport from 1.1.1k-11: Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 - backport from 1.1.1k-10: Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 - backport from 1.1.1k-10: Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2224962 - CVE-2023-3446 openssl: Excessive time spent checking DH keys and parameters https://bugzilla.redhat.com/show_bug.cgi?id=2224962 [ 2 ] Bug #2227852 - CVE-2023-3817 OpenSSL: Excessive time spent checking DH q parameter value https://bugzilla.redhat.com/show_bug.cgi?id=2227852 [ 3 ] Bug #2248616 - CVE-2023-5678 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow https://bugzilla.redhat.com/show_bug.cgi?id=2248616 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
