Updated openssl packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An invalid pointer use flaw was found in OpenSSL’s ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. (CVE-2015-0286)

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL’s X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL development team as the original reporter of CVE-2015-0286, Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293.

This update also fixes the following bug:

* When a wrapped Advanced Encryption Standard (AES) key did not require any padding, it was incorrectly padded with 8 bytes, which could lead to data corruption and interoperability problems. With this update, the rounding algorithm in the RFC 5649 key wrapping implementation has been fixed. As a result, the wrapped key conforms to the specification, which prevents the described problems. (BZ#1197667)

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

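
One way to check the restart requirement stated above, as an added example that is not part of the advisory: a process that loaded OpenSSL before the update keeps mapping the old, now unlinked library file, which `/proc/<pid>/maps` marks with `(deleted)`. The library paths, pids, addresses and inodes in `SAMPLE` are constructed for illustration.

```python
import glob
import re

# A maps line whose backing file is an unlinked libssl/libcrypto image: the
# package update replaced the file, but the process still runs the old code.
STALE = re.compile(r"\s(/\S*/lib(?:ssl|crypto)\.so\S*) \(deleted\)$")

def stale_openssl_libs(maps_text):
    """Sorted deleted OpenSSL library paths found in one /proc/<pid>/maps."""
    hits = (STALE.search(line) for line in maps_text.splitlines())
    return sorted({m.group(1) for m in hits if m})

def processes_needing_restart(maps_by_pid):
    """Map pid -> stale libraries, for processes that still need a restart."""
    result = {}
    for pid, text in maps_by_pid.items():
        libs = stale_openssl_libs(text)
        if libs:
            result[pid] = libs
    return result

def read_live_maps():
    """Collect maps for every readable process (run as root for a full view)."""
    maps = {}
    for path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(path) as fh:
                maps[int(path.split("/")[2])] = fh.read()
        except OSError:  # process exited or permission denied
            continue
    return maps

# Constructed sample input (pids, addresses and inodes are made up).
SAMPLE = {
    1201: "7f10a0000000-7f10a01b6000 r-xp 00000000 fd:01 1311 /usr/lib64/libcrypto.so.1.0.1e (deleted)\n"
          "7f10a0400000-7f10a0463000 r-xp 00000000 fd:01 1312 /usr/lib64/libssl.so.1.0.1e (deleted)\n"
          "7f10a0800000-7f10a09b8000 r-xp 00000000 fd:01 1100 /usr/lib64/libc-2.17.so\n",
    1302: "7f20b0000000-7f20b01b6000 r-xp 00000000 fd:01 2411 /usr/lib64/libcrypto.so.1.0.1e\n",
}

if __name__ == "__main__":
    for pid, libs in sorted(processes_needing_restart(SAMPLE).items()):
        print(pid, ", ".join(libs))
```

On a live host, pass `read_live_maps()` instead of `SAMPLE`; an empty result means no running process still maps a pre-update OpenSSL library.
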
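
Why the extra 8 bytes described in BZ#1197667 cause interoperability problems, as an added example that is not OpenSSL's or Red Hat's code: a receiver applying the RFC 5649 checks to the unwrapped data rejects an over-padded key, because the message length indicator (MLI) no longer fits the number of padded blocks. `overpadding_pad_len` is a hypothetical rounding that models the behaviour the advisory describes; the AES wrap step is omitted because the checks apply to the data before wrapping and after unwrapping, and the wrapped output has the same length as that data.

```python
import struct

AIV_PREFIX = bytes.fromhex("A65959A6")  # RFC 5649 Alternative IV constant

def correct_pad_len(mli):
    """Zero octets needed to reach a multiple of 8; 0 if already aligned."""
    return (8 - mli % 8) % 8

def overpadding_pad_len(mli):
    """Hypothetical rounding that models the bug: aligned input gets 8 more."""
    return 8 - mli % 8

def build_wrap_input(key, pad_len_fn):
    """AIV || key || zero padding, i.e. what is handed to the AES wrap step."""
    aiv = AIV_PREFIX + struct.pack(">I", len(key))  # constant || 32-bit MLI
    return aiv + key + b"\x00" * pad_len_fn(len(key))

def check_unwrapped(blob):
    """Receiver-side RFC 5649 checks on AIV || padded key; returns the key."""
    if len(blob) < 16 or len(blob) % 8:
        raise ValueError("not a whole number of 64-bit blocks")
    aiv, padded = blob[:8], blob[8:]
    if aiv[:4] != AIV_PREFIX:
        raise ValueError("AIV constant mismatch")
    mli = struct.unpack(">I", aiv[4:])[0]
    n = len(padded) // 8
    if not 8 * (n - 1) < mli <= 8 * n:
        raise ValueError("MLI %d does not fit %d padded blocks" % (mli, n))
    if any(padded[mli:]):
        raise ValueError("padding octets are not zero")
    return padded[:mli]

def interoperates(key, pad_len_fn):
    """True if a conforming receiver accepts what this sender produced."""
    try:
        return check_unwrapped(build_wrap_input(key, pad_len_fn)) == key
    except ValueError:
        return False

if __name__ == "__main__":
    for size in (16, 20, 32):       # constructed key sizes in octets
        key = bytes(range(size))    # constructed sample key material
        for fn in (correct_pad_len, overpadding_pad_len):
            blob = build_wrap_input(key, fn)
            print(size, fn.__name__, len(blob), interoperates(key, fn))
```

Only keys whose length is already a multiple of 8 are affected, which matches the advisory's "did not require any padding" condition and covers the common 16-, 24- and 32-byte AES key sizes.
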
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
openssl-1.0.1e-42.el7_1.4.src.rpm
 
x86_64:
openssl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-devel-1.0.1e-42.el7_1.4.i686.rpm
openssl-devel-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-libs-1.0.1e-42.el7_1.4.i686.rpm
openssl-libs-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-perl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-static-1.0.1e-42.el7_1.4.i686.rpm
openssl-static-1.0.1e-42.el7_1.4.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
openssl-1.0.1e-42.el7_1.4.src.rpm
 
x86_64:
openssl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-devel-1.0.1e-42.el7_1.4.i686.rpm
openssl-devel-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-libs-1.0.1e-42.el7_1.4.i686.rpm
openssl-libs-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-perl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-static-1.0.1e-42.el7_1.4.i686.rpm
openssl-static-1.0.1e-42.el7_1.4.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
openssl-1.0.1e-42.el7_1.4.src.rpm
 
PPC:
openssl-1.0.1e-42.el7_1.4.ppc64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.ppc.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.ppc64.rpm
openssl-devel-1.0.1e-42.el7_1.4.ppc.rpm
openssl-devel-1.0.1e-42.el7_1.4.ppc64.rpm
openssl-libs-1.0.1e-42.el7_1.4.ppc.rpm
openssl-libs-1.0.1e-42.el7_1.4.ppc64.rpm
openssl-perl-1.0.1e-42.el7_1.4.ppc64.rpm
openssl-static-1.0.1e-42.el7_1.4.ppc.rpm
openssl-static-1.0.1e-42.el7_1.4.ppc64.rpm
 
s390x:
openssl-1.0.1e-42.el7_1.4.s390x.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.s390.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.s390x.rpm
openssl-devel-1.0.1e-42.el7_1.4.s390.rpm
openssl-devel-1.0.1e-42.el7_1.4.s390x.rpm
openssl-libs-1.0.1e-42.el7_1.4.s390.rpm
openssl-libs-1.0.1e-42.el7_1.4.s390x.rpm
openssl-perl-1.0.1e-42.el7_1.4.s390x.rpm
openssl-static-1.0.1e-42.el7_1.4.s390.rpm
openssl-static-1.0.1e-42.el7_1.4.s390x.rpm
 
x86_64:
openssl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-devel-1.0.1e-42.el7_1.4.i686.rpm
openssl-devel-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-libs-1.0.1e-42.el7_1.4.i686.rpm
openssl-libs-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-perl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-static-1.0.1e-42.el7_1.4.i686.rpm
openssl-static-1.0.1e-42.el7_1.4.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
openssl-1.0.1e-42.el7_1.4.src.rpm
 
x86_64:
openssl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.i686.rpm
openssl-debuginfo-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-devel-1.0.1e-42.el7_1.4.i686.rpm
openssl-devel-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-libs-1.0.1e-42.el7_1.4.i686.rpm
openssl-libs-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-perl-1.0.1e-42.el7_1.4.x86_64.rpm
openssl-static-1.0.1e-42.el7_1.4.i686.rpm
openssl-static-1.0.1e-42.el7_1.4.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
