Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL’s X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
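To check the restart requirement above once the update is installed, the following shell script (an added example, not part of the Red Hat advisory) lists processes that still map a deleted copy of libssl or libcrypto. The function names, the proc-root parameter and the sample process tree are assumptions of this example.

```shell
#!/bin/sh
# Print PIDs whose maps reference a deleted libssl/libcrypto. When the package
# is replaced, the old library file is unlinked, and the kernel marks mappings
# of it with " (deleted)" until the process is restarted.
# $1 = proc root (default /proc); a parameter of this example for offline runs.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done | sort -n
}

# Print "PID NAME" per stale process, taking NAME from /proc/PID/status.
stale_openssl_report() {
    report_root="${1:-/proc}"
    for pid in $(stale_openssl_pids "$report_root"); do
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$report_root/$pid/status" 2>/dev/null) || name=
        echo "$pid ${name:-unknown}"
    done
}

# Helper for the constructed sample: root, pid, name, mapped path.
add_proc() {
    mkdir -p "$1/$2"
    printf 'Name:\t%s\n' "$3" > "$1/$2/status"
    printf '2b0000000000-2b0000047000 r-xp 00000000 fd:00 1234 %s\n' "$4" > "$1/$2/maps"
}

# Constructed sample tree (not real process data): 101 and 303 predate the
# update, 202 was restarted, 404 holds an unrelated deleted library.
make_sample_proc() {
    root=$(mktemp -d)
    add_proc "$root" 101 httpd '/lib64/libssl.so.0.9.8e (deleted)'
    add_proc "$root" 202 sendmail '/lib64/libssl.so.0.9.8e'
    add_proc "$root" 303 sshd '/lib64/libcrypto.so.0.9.8e (deleted)'
    add_proc "$root" 404 crond '/usr/lib64/libz.so.1.2.3 (deleted)'
    echo "$root"
}

sample=$(make_sample_proc)
stale_openssl_report "$sample"
rm -rf "$sample"
```

Run `stale_openssl_report` with no argument as root to scan the live `/proc`; every process it lists needs a restart before it uses the patched library.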
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

RHEL Desktop Workstation (v. 5 client)

SRPMS:
openssl-0.9.8e-33.el5_11.src.rpm

IA-32:
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openssl-0.9.8e-33.el5_11.src.rpm

IA-32:
openssl-0.9.8e-33.el5_11.i386.rpm
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-perl-0.9.8e-33.el5_11.i386.rpm

IA-64:
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.ia64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.ia64.rpm
openssl-devel-0.9.8e-33.el5_11.ia64.rpm
openssl-perl-0.9.8e-33.el5_11.ia64.rpm

PPC:
openssl-0.9.8e-33.el5_11.ppc.rpm
openssl-0.9.8e-33.el5_11.ppc64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.ppc.rpm
openssl-debuginfo-0.9.8e-33.el5_11.ppc64.rpm
openssl-devel-0.9.8e-33.el5_11.ppc.rpm
openssl-devel-0.9.8e-33.el5_11.ppc64.rpm
openssl-perl-0.9.8e-33.el5_11.ppc.rpm

s390x:
openssl-0.9.8e-33.el5_11.s390.rpm
openssl-0.9.8e-33.el5_11.s390x.rpm
openssl-debuginfo-0.9.8e-33.el5_11.s390.rpm
openssl-debuginfo-0.9.8e-33.el5_11.s390x.rpm
openssl-devel-0.9.8e-33.el5_11.s390.rpm
openssl-devel-0.9.8e-33.el5_11.s390x.rpm
openssl-perl-0.9.8e-33.el5_11.s390x.rpm

x86_64:
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
openssl-perl-0.9.8e-33.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openssl-0.9.8e-33.el5_11.src.rpm

IA-32:
openssl-0.9.8e-33.el5_11.i386.rpm
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-perl-0.9.8e-33.el5_11.i386.rpm

x86_64:
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-perl-0.9.8e-33.el5_11.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1180184 – CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)
1180187 – CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1202380 – CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202384 – CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202395 – CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202404 – CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1202418 – CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
