OpenSSL 3.1.0-alpha1

openssl-3.1.0-alpha1

OpenSSL 3.1.0-alpha1 release tag

OpenSSL 3.0.5

Changelog

• Fixed heap memory corruption with RSA private key operation
  CVE-2022-2274
• Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
  CVE-2022-2097

OpenSSL 1.1.1q

Changelog

• Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
  (CVE-2022-2097)

OpenSSL 3.0.4

Changelog

• Fixed additional bugs in the c_rehash script which was not properly
  sanitising shell metacharacters to prevent command injection
  CVE-2022-2068

OpenSSL 1.1.1p

Changelog

• Fixed additional bugs in the c_rehash script which was not properly
  sanitising shell metacharacters to prevent command injection
  (CVE-2022-2068)

OpenSSL 3.0.3

Changelog

• Fixed a bug in the c_rehash script which was not properly sanitising shell
  metacharacters to prevent command injection CVE-2022-1292
• Fixed a bug in the function OCSP_basic_verify that verifies the signer
  certificate on an OCSP response CVE-2022-1343
• Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
  AAD data as the MAC key CVE-2022-1434
• Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
  occuppied by the removed hash table entries CVE-2022-1473

OpenSSL 1.1.1o

Changelog

• Fixed a bug in the c_rehash script which was not properly sanitising
  shell metacharacters to prevent command injection (CVE-2022-1292)

OpenSSL 3.0.2

Changelog

• Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
  for non-prime moduli CVE-2022-0778

OpenSSL 1.1.1n

Changelog

• Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
  forever for non-prime moduli ([CVE-2022-0778])

OpenSSL 3.0.1

Changelog

• Fixed invalid handling of X509_verify_cert() internal errors in libssl
  CVE-2021-4044
• Allow fetching an operation from the provider that owns an unexportable key
  as a fallback if that is still allowed by the property query.