[El-errata] ELSA-2017-2292 Moderate: Oracle Linux 7 gnutls security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 8 13:54:59 PDT 2017
Oracle Linux Security Advisory ELSA-2017-2292
http://linux.oracle.com/errata/ELSA-2017-2292.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
gnutls-3.3.26-9.el7.i686.rpm
gnutls-3.3.26-9.el7.x86_64.rpm
gnutls-c++-3.3.26-9.el7.i686.rpm
gnutls-c++-3.3.26-9.el7.x86_64.rpm
gnutls-dane-3.3.26-9.el7.i686.rpm
gnutls-dane-3.3.26-9.el7.x86_64.rpm
gnutls-devel-3.3.26-9.el7.i686.rpm
gnutls-devel-3.3.26-9.el7.x86_64.rpm
gnutls-utils-3.3.26-9.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gnutls-3.3.26-9.el7.src.rpm
Description of changes:
[3.3.26-9]
- Address crash in OCSP status request extension, by eliminating the
unneeded parsing (CVE-2017-7507, #1455828)
[3.3.26-7]
- Address interoperability issue with 3.5.x (#1388932)
- Reject CAs which are both trusted and blacklisted in trust module
(#1375303)
- Added new functions to set issuer and subject ID in certificates
(#1378373)
- Reject connections with less than 1024-bit DH parameters (#1335931)
- Fix issue that made GnuTLS parse only the first 32 extensions (#1383748)
- Mention limitations of certtool in manpage (#1375463)
- Read PKCS#8 files with HMAC-SHA256 -as generated by openssl 1.1 (#1380642)
- Do not link directly to trousers but instead use dlopen (#1379739)
- Fix incorrect OCSP validation (#1377569)
- Added support for pin-value in PKCS#11 URIs (#1379283)
- Added the --id option to p11tool (#1399232)
- Improved sanity checks in RSA key generation (#1444780)
- Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337,
CVE-2017-7869
More information about the El-errata
mailing list