LibreSSL 2.7.4, 2.6.5 Released
13 June, 2018 by email@example.com | openbsd
We have released LibreSSL 2.7.4 and 2.6.5, security updates for the current stable release branches. They contain the following changes: * Avoid a timing side-channel leak when generating DSA and ECDSA signatures. This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group, CVE-2018-0495. * Reject excessively large primes in DH key generation. Problem reported by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.