RetroBBS - comp.sys.tandem - ITUGLIB Update: OpenSSL 3.1.1, 3.0.9, 1.1.1u Available

ITUGLIB Update: OpenSSL 3.1.1, 3.0.9, 1.1.1u Available

<1bae09a4-8c6a-4416-8be3-018cbad87ffcn@googlegroups.com>

https://www.rocksolidbbs.com/computers/article-flat.php?id=644&group=comp.sys.tandem#644

X-Received: by 2002:ad4:5a43:0:b0:626:28c7:2078 with SMTP id ej3-20020ad45a43000000b0062628c72078mr1720478qvb.11.1685716744496;
Fri, 02 Jun 2023 07:39:04 -0700 (PDT)
X-Received: by 2002:a81:a703:0:b0:565:ebd4:304d with SMTP id
e3-20020a81a703000000b00565ebd4304dmr71059ywh.4.1685716744234; Fri, 02 Jun
2023 07:39:04 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Fri, 2 Jun 2023 07:39:04 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=2607:fea8:3fa9:4200:d03d:ec54:2ec1:dc89;
posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 2607:fea8:3fa9:4200:d03d:ec54:2ec1:dc89
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <1bae09a4-8c6a-4416-8be3-018cbad87ffcn@googlegroups.com>
Subject: ITUGLIB Update: OpenSSL 3.1.1, 3.0.9, 1.1.1u Available
From: rsbecker@nexbridge.com (Randall)
Injection-Date: Fri, 02 Jun 2023 14:39:04 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

by: Randall - Fri, 2 Jun 2023 14:39 UTC

Hi Everyone,

A new set of fix releases are available for OpenSSL. The release is a result of CVE-2023-2650, which is considered Moderate on 3.x and Low on 1.1.1. This CVE relates to problems with ASN.1 parsing.

Some details on this patch:

OpenSSL 3.1.1 is a fix to the initial release 3.1.0 for OSS. This release should be source and binary compatible with the 3.0.x series, so ITUGLIB releases built for 3.0 should work. There are 64- and 32-bit threaded and unthreaded packages for this release. Note: that the end of life date for 3.1.x is nearer than 3.0.x. The L-series build for this release should work without coreutils PRNGD running.

OpenSSL 3.0.9 is a fix to the 3.0.8 release for OSS. This is the preferred "go to" release. There are 64- and 32-bit threaded and unthreaded packages for this release. The L-series build for this release should work without coreutils PRNGD running.

OpenSSL 1.1.1u is a fix to 1.1.1t. Note that the 1.1.1 series is currently in a security fix only state. It will go off security support (a.k.a. end of life) on Sept 11, 2023, which is only about 3 months away. This release has a separate IEEE float build for NonStop OSS as well as threaded and unthreaded packages. The 3.x series is built with IEEE by default. This release requires coreutils PRNGD.

Note that the OpenSSL 1.0.2 series has a fix but only if you have a support contract. 1.1.1 will move to the same situation as 1.0.2 in September. I can facilitate support contracts upon request.

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

"Don't think; let the machine do it for you!" -- E. C. Berkeley

computers / comp.sys.tandem / ITUGLIB Update: OpenSSL 3.1.1, 3.0.9, 1.1.1u Available

Subject	Author
ITUGLIB Update: OpenSSL 3.1.1, 3.0.9, 1.1.1u Available	Randall