1. Forum
  2. Usenet
  3. COMP.SYS.TANDEM

  • ITUGLIB Update: OpenSSL 3.0.12 and 3.1.4 Available

    From Randall@21:1/5 to All on Wed Oct 25 10:42:16 2023
    The latest patches for the OpenSSL 3.0.x and 3.1.x series are now available on the ITUGLIB website. Release notes are available at https://www.openssl.org/news/openssl-3.0-notes.html and https://www.openssl.org/news/openssl-3.1-notes.html.

    Both releases contain fixes for CVE-2023-5363 (Moderate) - Incorrect cipher key & IV length processing described in the release notes.

    The 3.2 series is still in alpha state. If you are interested in testing with this series, please let ITUGLIB know here. This series is not binary compatible with the 3.0.x and 3.1.x series, so you will need to recompile your code to use it. At present,
    we are not planning to release a 3.2 build until it reaches beta state.

    The 1.1.1 and 1.0.2 series are no longer under official support, and do not receive security updates, so you should move off those releases. If you cannot move off those releases, please contact me to facilitate fee-based premium support from OpenSSL to
    obtain patched builds.

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Randall@21:1/5 to Randall on Wed Oct 25 14:39:22 2023
    On Wednesday, October 25, 2023 at 5:17:19 p.m. UTC-4, Randall wrote:
    On Wednesday, October 25, 2023 at 1:42:17 p.m. UTC-4, Randall wrote:
    The latest patches for the OpenSSL 3.0.x and 3.1.x series are now available on the ITUGLIB website. Release notes are available at https://www.openssl.org/news/openssl-3.0-notes.html and https://www.openssl.org/news/openssl-3.1-notes.html.

    Both releases contain fixes for CVE-2023-5363 (Moderate) - Incorrect cipher key & IV length processing described in the release notes.

    The 3.2 series is still in alpha state. If you are interested in testing with this series, please let ITUGLIB know here. This series is not binary compatible with the 3.0.x and 3.1.x series, so you will need to recompile your code to use it. At
    present, we are not planning to release a 3.2 build until it reaches beta state.

    The 1.1.1 and 1.0.2 series are no longer under official support, and do not receive security updates, so you should move off those releases. If you cannot move off those releases, please contact me to facilitate fee-based premium support from OpenSSL
    to obtain patched builds.

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee
    Please be aware that 3.0.12 has already had reports of breakage in the pkcs11 engine and with coreutils prngd. Please let ITUGLIB know here if you encounter any problems.

    Update: The pkcs11 engine issue appears to relates to atexit() processing, which I dealt with on NonStop a while ago, and memory leaks (which have no real impact after a process exits), so we appear to be safe for now.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Randall@21:1/5 to Randall on Wed Oct 25 14:17:17 2023
    On Wednesday, October 25, 2023 at 1:42:17 p.m. UTC-4, Randall wrote:
    The latest patches for the OpenSSL 3.0.x and 3.1.x series are now available on the ITUGLIB website. Release notes are available at https://www.openssl.org/news/openssl-3.0-notes.html and https://www.openssl.org/news/openssl-3.1-notes.html.

    Both releases contain fixes for CVE-2023-5363 (Moderate) - Incorrect cipher key & IV length processing described in the release notes.

    The 3.2 series is still in alpha state. If you are interested in testing with this series, please let ITUGLIB know here. This series is not binary compatible with the 3.0.x and 3.1.x series, so you will need to recompile your code to use it. At present,
    we are not planning to release a 3.2 build until it reaches beta state.

    The 1.1.1 and 1.0.2 series are no longer under official support, and do not receive security updates, so you should move off those releases. If you cannot move off those releases, please contact me to facilitate fee-based premium support from OpenSSL
    to obtain patched builds.

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    Please be aware that 3.0.12 has already had reports of breakage in the pkcs11 engine and with coreutils prngd. Please let ITUGLIB know here if you encounter any problems.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)