| gnutls-dane-3.3.29-8.el7.i686
[34 KiB] |
Changelog
by Anderson Sasaki (2018-07-20):
- Backported --sni-hostname option which allows overriding the hostname
advertised to the peer (#1444792)
- Improved counter-measures in TLS CBC record padding for lucky13 attack
(CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
(CVE-2018-10846, #1589708)
- Address p11tool issue in object deletion in batch mode (#1375307)
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
unsupported features in 3.3.x (--load-pubkey and --test-sign options, ECC key
generation without login, and certificates do not inherit ID from the private
key)
- p11tool explicitly marks certificates and public keys as NOT private objects
and private keys as private objects
- Enlarge buffer size to support resumption with large keys (#1542461)
- Legacy HMAC-SHA384 cipher suites were disabled by default
- Added DSA key generation to p11tool (#1464896)
- Address session renegotiation issue using client certificate (#1434091)
- Address issue when importing private keys into Atos HSM (#1460125)
|
| gnutls-dane-3.3.29-8.el7.x86_64
[34 KiB] |
Changelog
by Anderson Sasaki (2018-07-20):
- Backported --sni-hostname option which allows overriding the hostname
advertised to the peer (#1444792)
- Improved counter-measures in TLS CBC record padding for lucky13 attack
(CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
(CVE-2018-10846, #1589708)
- Address p11tool issue in object deletion in batch mode (#1375307)
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
unsupported features in 3.3.x (--load-pubkey and --test-sign options, ECC key
generation without login, and certificates do not inherit ID from the private
key)
- p11tool explicitly marks certificates and public keys as NOT private objects
and private keys as private objects
- Enlarge buffer size to support resumption with large keys (#1542461)
- Legacy HMAC-SHA384 cipher suites were disabled by default
- Added DSA key generation to p11tool (#1464896)
- Address session renegotiation issue using client certificate (#1434091)
- Address issue when importing private keys into Atos HSM (#1460125)
|
| gnutls-dane-3.3.26-9.el7.i686
[33 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2017-05-26):
- Address crash in OCSP status request extension, by eliminating the
unneeded parsing (CVE-2017-7507, #1455828)
|
| gnutls-dane-3.3.26-9.el7.x86_64
[33 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2017-05-26):
- Address crash in OCSP status request extension, by eliminating the
unneeded parsing (CVE-2017-7507, #1455828)
|
| gnutls-dane-3.3.8-14.el7_2.x86_64
[31 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2015-12-09):
- Prevent downgrade attack to RSA-MD5 in server key exchange.
|
| gnutls-dane-3.3.8-14.el7_2.i686
[31 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2015-12-09):
- Prevent downgrade attack to RSA-MD5 in server key exchange.
|
| gnutls-dane-3.1.18-10.el7_0.i686
[50 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2014-11-07):
- Applied fix for CVE-2014-8564 (#1161472)
|
| gnutls-dane-3.1.18-10.el7_0.x86_64
[50 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2014-11-07):
- Applied fix for CVE-2014-8564 (#1161472)
|
| gnutls-dane-3.1.18-9.el7_0.i686
[49 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2014-05-28):
- fix session ID length check (#1102027)
- fixes null pointer dereference (#1101727)
|
| gnutls-dane-3.1.18-9.el7_0.x86_64
[50 KiB] |
Changelog
by Nikos Mavrogiannopoulos (2014-05-28):
- fix session ID length check (#1102027)
- fixes null pointer dereference (#1101727)
|