Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

RHEL Desktop Workstation (v. 5 client)

SRPMS:
openssl-0.9.8e-31.el5_11.src.rpm

IA-32:
openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
openssl-devel-0.9.8e-31.el5_11.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
openssl-devel-0.9.8e-31.el5_11.i386.rpm
openssl-devel-0.9.8e-31.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openssl-0.9.8e-31.el5_11.src.rpm

IA-32:
openssl-0.9.8e-31.el5_11.i386.rpm
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-devel-0.9.8e-31.el5_11.i386.rpm
openssl-perl-0.9.8e-31.el5_11.i386.rpm

IA-64:
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-0.9.8e-31.el5_11.ia64.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.ia64.rpm
openssl-devel-0.9.8e-31.el5_11.ia64.rpm
openssl-perl-0.9.8e-31.el5_11.ia64.rpm

PPC:
openssl-0.9.8e-31.el5_11.ppc.rpm
openssl-0.9.8e-31.el5_11.ppc64.rpm
openssl-debuginfo-0.9.8e-31.el5_11.ppc.rpm
openssl-debuginfo-0.9.8e-31.el5_11.ppc64.rpm
openssl-devel-0.9.8e-31.el5_11.ppc.rpm
openssl-devel-0.9.8e-31.el5_11.ppc64.rpm
openssl-perl-0.9.8e-31.el5_11.ppc.rpm

s390x:
openssl-0.9.8e-31.el5_11.s390.rpm
openssl-0.9.8e-31.el5_11.s390x.rpm
openssl-debuginfo-0.9.8e-31.el5_11.s390.rpm
openssl-debuginfo-0.9.8e-31.el5_11.s390x.rpm
openssl-devel-0.9.8e-31.el5_11.s390.rpm
openssl-devel-0.9.8e-31.el5_11.s390x.rpm
openssl-perl-0.9.8e-31.el5_11.s390x.rpm

x86_64:
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-0.9.8e-31.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
openssl-devel-0.9.8e-31.el5_11.i386.rpm
openssl-devel-0.9.8e-31.el5_11.x86_64.rpm
openssl-perl-0.9.8e-31.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openssl-0.9.8e-31.el5_11.src.rpm

IA-32:
openssl-0.9.8e-31.el5_11.i386.rpm
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-perl-0.9.8e-31.el5_11.i386.rpm

x86_64:
openssl-0.9.8e-31.el5_11.i686.rpm
openssl-0.9.8e-31.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
openssl-perl-0.9.8e-31.el5_11.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)
1152789 – CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
