Author |
|
Jan-E
Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU
|
Posted: Fri 06 Sep '19 16:37 Post subject: OpenSSL releases 10-Sep-2019: last ever 1.1.0 |
|
|
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t.
These releases will be made available on 10th September 2019 between approximately 1200-1600 UTC.
These are security fix releases. The highest severity security issue fixed by these releases is rated as LOW.
Please note that this is expected to be the last release of 1.1.0 before it goes out of support on 11th September 2019.
Yours
The OpenSSL Project Team |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
|
Back to top |
|
admin Site Admin
Joined: 15 Oct 2005 Posts: 692
|
Posted: Sat 14 Sep '19 11:13 Post subject: |
|
|
Issues fixed by these releases are rated as LOW.
I doubt that users are dealing with this issues.
But when someone is dealing with these issues, can let us know. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Thu 19 Sep '19 14:10 Post subject: |
|
|
Words from OpenSSL:
CVE-2019-1549 is related to how we reseed the random number generator in the event of a "fork". Since windows lacks the capability to do fork it is not a problem on that platform. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Tue 24 Sep '19 15:26 Post subject: |
|
|
Because IAVA 2019-A-0303 was published and requiring compliance in some industries I was asked to build Win64 VS16/VC14.
Just to share:
Removed
Ps.
IAVA is a US Department of Defense cyber security notice that stands for "Information Assurance Vulnerability Alert". Only regularly available to DoD personnel and considered For Official Use Only or FOUO.
Last edited by Steffen on Wed 18 Mar '20 12:53; edited 1 time in total |
|
Back to top |
|
lordcochise
Joined: 24 Oct 2019 Posts: 1 Location: United States
|
Posted: Fri 25 Oct '19 17:05 Post subject: |
|
|
FWIW we have to comply with PCI now, and this came up the other day, appreciate the update |
|
Back to top |
|
blackbird
Joined: 10 Nov 2016 Posts: 4 Location: USA
|
Posted: Wed 12 Feb '20 18:15 Post subject: |
|
|
Hello Steffen,
The OpenSSL-1.0.2t.rar is very useful. Is it possible to have Win64 VC14 OpenSSL 1.0.2u or later version? Thanks! |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Wed 12 Feb '20 18:45 Post subject: |
|
|
Apache 2.4.42 is in discussion for a release. When available it is shipped with the latest.
How urgent is it for you ? |
|
Back to top |
|
blackbird
Joined: 10 Nov 2016 Posts: 4 Location: USA
|
Posted: Wed 12 Feb '20 19:26 Post subject: |
|
|
The security guy asked me to update it soon. What is the estimated release date for 2.4.42? I can tell him about it. Thanks |
|
Back to top |
|
blackbird
Joined: 10 Nov 2016 Posts: 4 Location: USA
|
Posted: Wed 12 Feb '20 20:05 Post subject: |
|
|
I just downloaded openssl-1.0.2u-x64_86-win64.zip binary from fulgan, put three openssl files into Apache24/bin, seems it is working well. I am not sure if there are any problems. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Thu 20 Feb '20 11:43 Post subject: |
|
|
Be warned to use third party DLL's, you must absolute sure it is not manipulated.
And in the fulgan case, you are not sure witch Compiler linker is used MINGW (can give issues) or Visual Studio (when not the same VC version, can give issues).
So do not use in production.
You are save when you download a Apache Binary from here with OpenSSL included en use PGP and/or the check-sums. |
|
Back to top |
|
Jan-E
Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU
|
|
Back to top |
|