logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Other Software View previous topic :: View next topic
Reply to topic   Topic: OpenSSL releases 10-Sep-2019: last ever 1.1.0
Author
Jan-E



Joined: 09 Mar 2012
Posts: 976
Location: Amsterdam, NL, EU

PostPosted: Fri 06 Sep '19 16:37    Post subject: OpenSSL releases 10-Sep-2019: last ever 1.1.0 Reply with quote

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t.

These releases will be made available on 10th September 2019 between approximately 1200-1600 UTC.

These are security fix releases. The highest severity security issue fixed by these releases is rated as LOW.

Please note that this is expected to be the last release of 1.1.0 before it goes out of support on 11th September 2019.

Yours

The OpenSSL Project Team
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6661
Location: Germany, Next to Hamburg

PostPosted: Wed 11 Sep '19 13:36    Post subject: Reply with quote

Does this affect apache? I'm not so sure. What do you think?

https://www.openssl.org/news/secadv/20190910.txt
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 595

PostPosted: Sat 14 Sep '19 11:13    Post subject: Reply with quote

Issues fixed by these releases are rated as LOW.

I doubt that users are dealing with this issues.
But when someone is dealing with these issues, can let us know.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2759
Location: Hilversum, NL, EU

PostPosted: Thu 19 Sep '19 14:10    Post subject: Reply with quote

Words from OpenSSL:

CVE-2019-1549 is related to how we reseed the random number generator in the event of a "fork". Since windows lacks the capability to do fork it is not a problem on that platform.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2759
Location: Hilversum, NL, EU

PostPosted: Tue 24 Sep '19 15:26    Post subject: Reply with quote

Because IAVA 2019-A-0303 was published and requiring compliance in some industries I was asked to build Win64 VS16/VC14.

Just to share:

www.apachelounge.com/download/VC14/binaries/Apache24.41-Win64-VC14-OpenSSL-1.0.2t.rar

www.apachelounge.com/download/VS16/binaries/Apache24.41-Win64-VS16-OpenSSL-1.1.1d.rar

Ps.
IAVA is a US Department of Defense cyber security notice that stands for "Information Assurance Vulnerability Alert". Only regularly available to DoD personnel and considered For Official Use Only or FOUO.
Back to top


Reply to topic   Topic: OpenSSL releases 10-Sep-2019: last ever 1.1.0 View previous topic :: View next topic
Post new topic   Forum Index -> Other Software