From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] openssl: Update to version 3.1.4
Date: Fri, 01 Dec 2023 18:01:20 +0100 [thread overview]
Message-ID: <20231201170120.111421-1-adolf.belka@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2063 bytes --]
- IPFire-3.x
- Update from version 3.1.2 to 3.1.4
- Changelog
3.1.4
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
3.1.3
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
([CVE-2023-4807])
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
openssl/openssl.nm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openssl/openssl.nm b/openssl/openssl.nm
index 6d5d21863..19214a8e9 100644
--- a/openssl/openssl.nm
+++ b/openssl/openssl.nm
@@ -4,8 +4,8 @@
###############################################################################
name = openssl
-version = 3.1.2
-release = 2
+version = 3.1.4
+release = 1
maintainer = Michael Tremer <michael.tremer(a)ipfire.org>
groups = System/Libraries
--
2.42.1
reply other threads:[~2023-12-01 17:01 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231201170120.111421-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox