More OpenSSL security fixes

Discussion in 'privacy technology' started by BoerenkoolMetWorst, Aug 7, 2014.

  1. FanJ

    FanJ Updates Team

    Joined: Feb 9, 2002
    Posts: 4,781
    OpenSSL Security Advisory [15th January 2024]
    Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
    https://mta.openssl.org/pipermail/openssl-announce/2024-January/000289.html

     
  2. FanJ

    New OpenSSL Releases
    By Tomas Mraz - Tue Jan 23 16:26:59 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-January/000291.html

    Note by me:
    With all due respect, I do prefer the announcements made by Matt Caswell:
    OpenSSL Security Advisory
    By Matt Caswell - Thu Jan 25 18:43:35 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-January/000292.html
     
  3. FanJ

    Upcoming Webinar: Writing Your First OpenSSL Application
    Tue Mar 19 07:46:07 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-March/000296.html

    Read more there.
     
  4. FanJ

    OpenSSL version 3.3.0-alpha1 published
    Wed Mar 20 13:35:23 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-March/000297.html

    Read more there.
     
  6. FanJ

    OpenSSL Security Advisory
    Mon Apr 8 13:59:11 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-April/000299.html

    Read more there.
     
  7. FanJ

    OpenSSL version 3.3.0 published
    Tue Apr 9 12:56:00 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-April/000300.html

    Read more there!
     
  8. FanJ

    Upcoming Webinar: Writing a TLS Client
    Tue Apr 16 05:37:52 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-April/000301.html

    Read more there.
     
  9. FanJ

    IMPORTANT

    Releases Distribution Changes
    by Dmitry Misharov - DevOps Engineer -
    Thu May 2 07:31:46 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-May/000302.html

    ==========
    Blogpost
    Releases Distribution Changes
    https://openssl.org/blog/blog/2024/04/30/releases-distribution-changes/
    Posted by Dmitry Misharov • Apr 30th, 2024 4:00 pm

    === Full quoting ===

    I’d like to give you a heads-up about some changes we’re making at OpenSSL. We’re simplifying how you can get our software, and that means we’re phasing out some older methods that don’t quite fit with the way the web works today.

    We’re no longer using our old ftp, rsync, and git links for distributing OpenSSL. These were great in their day, but it’s time to move on to something better and safer. ftp://ftp.openssl.org and rsync://rsync.openssl.org are not available anymore. As of June 1, 2024, we’re also going to shut down https://ftp.openssl.org and git://git.openssl.org/openssl.git mirrors.

    GitHub is becoming the main distributor of the OpenSSL releases. So here is the transition plan. The steps will be spaced in 2-week intervals to gather and respond to any eventual feedback:
    • Starting from the next patch release the tarballs will be uploaded only to GitHub, the download link at openssl.org/source will redirect to the corresponding release at github.com.
    • One frequently downloaded old release at openssl.org/source will redirect to the corresponding release at github.com.
    • All remaining frequently downloaded releases at openssl.org/source will redirect to the corresponding releases at github.com.

    Why change things? Well, here are a couple of straightforward reasons:
    • Safety first: The web’s come a long way in terms of security, and sticking to HTTPS helps keep everyone safer.
    • Keeping it simple: Fewer methods of distribution mean less clutter and confusion, letting us focus on making OpenSSL even better.
    • Watching the budget: Streamlining things cuts costs, which means we can spend more on improving OpenSSL and supporting you all.

    That being said, the main source of OpenSSL releases will be OpenSSL GitHub. OpenSSL Source will remain only for backward compatibility and will redirect to GitHub.

    Thanks so much for sticking with us. These updates will help us keep improving and ensure you have the best and safest experience using OpenSSL.

    Cheers!

    === end of quoting ===
     
  10. FanJ

    OpenSSL Security Advisory
    Excessive time spent checking DSA keys and parameters (CVE-2024-4603)

    Thu May 16 16:03:51 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-May/000303.html

     
  11. FanJ

    Upcoming Webinar: Getting Started with QUIC and OpenSSL
    Tue May 21 17:45:28 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-May/000304.html

    Read more there.
     
  12. FanJ

    Upcoming New OpenSSL Releases - 4th June 2024

    https://mta.openssl.org/pipermail/openssl-announce/2024-May/000305.html

     
  14. FanJ

    OpenSSL Security Advisory - Thu Jun 27 10:24:27 UTC 2024
    SSL_select_next_proto buffer overread (CVE-2024-5535)
    https://mta.openssl.org/pipermail/openssl-announce/2024-June/000311.html

    Read more there.
     
  15. FanJ

    Two separate and different postings will follow today
     
  16. FanJ

    Join Our Exclusive Webinar on Performance Tuning and Fetching with OpenSSL

    Kajal Sapkota
    Wed Jul 24 04:33:15 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-July/000312.html

    Read more there!
     
  17. FanJ

    OpenSSL New Governance Structure and Two New Projects

    Kajal Sapkota
    Wed Jul 24 13:05:55 UTC 2024
    https://mta.openssl.org/pipermail/openssl-announce/2024-July/000313.html

    See also the blog:
    New Governance Structure and New Projects under the Mission
    Jul 24, 2024
    https://openssl-library.org/post/2024-07-24-openssl-new-governance-structure/

    Read more there!! Too much to quote.
     
  18. FanJ

    I noticed a little strange thing at https://mta.openssl.org/pipermail/openssl-announce/
    The archive for July 2024 is suddenly no longer there.
    It was about:
    1.
    Webinar on Performance Tuning and Fetching with OpenSSL
    See my reply #141
    2.
    OpenSSL New Governance Structure and Two New Projects
    See my reply #142
    At least that one can still be found here:
    https://openssl-library.org/post/2024-07-24-openssl-new-governance-structure/

    I don't know the reason(s).
    Let's wait and see what will happen with the next announcements (whenever that will happen).
     
  19. FanJ

    OpenSSL Security Advisory [3rd September 2024]
    Possible denial of service in X.509 name checks (CVE-2024-6119)
    Severity: Moderate


    https://openssl-library.org/news/secadv/20240903.txt

    Read more there!

    ==========

    Newslog
    https://openssl-library.org/news/newslog/index.html

    You can read more there.
    Also about an Alpha 1 of OpenSSL 3.4

    ==========

    Notes by me

    As I previously posted in reply #143:
    The last post in The openssl-announce Archives here:
    https://mta.openssl.org/pipermail/openssl-announce/
    was from June 2024 (and some later postings there were later removed).

    I don't see there the announcements from 03 September 2024 and 05 September 2024 mentioned.
    I don't know whether that means that further announcements will not be mentioned there any more. But I don't like it if that is the case...
     