FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Enterprise Watch List

 
 
LinkBack Thread Tools
 
Old 01-19-2010, 11:25 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2010:0054-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0054.html
Issue date: 2010-01-19
CVE Names: CVE-2009-2409 CVE-2009-4355
================================================== ===================

1. Summary:

Updated openssl packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that the OpenSSL library did not properly re-initialize its
internal state in the SSL_library_init() function after previous calls to
the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak
for each subsequent SSL connection. This flaw could cause server
applications that call those functions during reload, such as a combination
of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available
memory, resulting in a denial of service. (CVE-2009-4355)

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser.
OpenSSL now disables the use of the MD2 algorithm inside signatures by
default. (CVE-2009-2409)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
546707 - CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_4.1.src.rpm

i386:
openssl-0.9.8e-12.el5_4.1.i386.rpm
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i686.rpm
openssl-perl-0.9.8e-12.el5_4.1.i386.rpm

x86_64:
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-perl-0.9.8e-12.el5_4.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_4.1.src.rpm

i386:
openssl-debuginfo-0.9.8e-12.el5_4.1.i386.rpm
openssl-devel-0.9.8e-12.el5_4.1.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-12.el5_4.1.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-devel-0.9.8e-12.el5_4.1.i386.rpm
openssl-devel-0.9.8e-12.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-12.el5_4.1.src.rpm

i386:
openssl-0.9.8e-12.el5_4.1.i386.rpm
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i686.rpm
openssl-devel-0.9.8e-12.el5_4.1.i386.rpm
openssl-perl-0.9.8e-12.el5_4.1.i386.rpm

ia64:
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-0.9.8e-12.el5_4.1.ia64.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.ia64.rpm
openssl-devel-0.9.8e-12.el5_4.1.ia64.rpm
openssl-perl-0.9.8e-12.el5_4.1.ia64.rpm

ppc:
openssl-0.9.8e-12.el5_4.1.ppc.rpm
openssl-0.9.8e-12.el5_4.1.ppc64.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.ppc.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.ppc64.rpm
openssl-devel-0.9.8e-12.el5_4.1.ppc.rpm
openssl-devel-0.9.8e-12.el5_4.1.ppc64.rpm
openssl-perl-0.9.8e-12.el5_4.1.ppc.rpm

s390x:
openssl-0.9.8e-12.el5_4.1.s390.rpm
openssl-0.9.8e-12.el5_4.1.s390x.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.s390.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.s390x.rpm
openssl-devel-0.9.8e-12.el5_4.1.s390.rpm
openssl-devel-0.9.8e-12.el5_4.1.s390x.rpm
openssl-perl-0.9.8e-12.el5_4.1.s390x.rpm

x86_64:
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-devel-0.9.8e-12.el5_4.1.i386.rpm
openssl-devel-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-perl-0.9.8e-12.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2409.html
https://www.redhat.com/security/data/cve/CVE-2009-4355.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLVk1RXlSAg2UNWIIRAjJMAJ9g5P3w6KtQOXf25XUcd8 WMcG+2gQCgpSOc
Dm+xt2ADLQrYB9Fs1j89aAk=
=EXs7
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 03-25-2010, 09:58 AM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2010:0163-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0163.html
Issue date: 2010-03-25
CVE Names: CVE-2009-0590 CVE-2009-2409 CVE-2009-3555
================================================== ===================

1. Summary:

Updated openssl packages that fix several security issues are now available
for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser.
OpenSSL now disables the use of the MD2 algorithm inside signatures by
default. (CVE-2009-2409)

An input validation flaw was found in the handling of the BMPString and
UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex()
function. An attacker could use this flaw to create a specially-crafted
X.509 certificate that could cause applications using the affected function
to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red
Hat Enterprise Linux calls this function, for example.

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

492304 - CVE-2009-0590 openssl: ASN1 printing crash
510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm

i386:
openssl-0.9.7a-33.26.i386.rpm
openssl-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.i386.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-devel-0.9.7a-33.26.i386.rpm
openssl-perl-0.9.7a-33.26.i386.rpm

ia64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.ia64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.ia64.rpm
openssl-devel-0.9.7a-33.26.ia64.rpm
openssl-perl-0.9.7a-33.26.ia64.rpm

ppc:
openssl-0.9.7a-33.26.ppc.rpm
openssl-0.9.7a-33.26.ppc64.rpm
openssl-debuginfo-0.9.7a-33.26.ppc.rpm
openssl-debuginfo-0.9.7a-33.26.ppc64.rpm
openssl-devel-0.9.7a-33.26.ppc.rpm
openssl-perl-0.9.7a-33.26.ppc.rpm

s390:
openssl-0.9.7a-33.26.s390.rpm
openssl-debuginfo-0.9.7a-33.26.s390.rpm
openssl-devel-0.9.7a-33.26.s390.rpm
openssl-perl-0.9.7a-33.26.s390.rpm

s390x:
openssl-0.9.7a-33.26.s390.rpm
openssl-0.9.7a-33.26.s390x.rpm
openssl-debuginfo-0.9.7a-33.26.s390.rpm
openssl-debuginfo-0.9.7a-33.26.s390x.rpm
openssl-devel-0.9.7a-33.26.s390x.rpm
openssl-perl-0.9.7a-33.26.s390x.rpm

x86_64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.x86_64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.x86_64.rpm
openssl-devel-0.9.7a-33.26.x86_64.rpm
openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm

i386:
openssl-0.9.7a-33.26.i386.rpm
openssl-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.i386.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-devel-0.9.7a-33.26.i386.rpm
openssl-perl-0.9.7a-33.26.i386.rpm

x86_64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.x86_64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.x86_64.rpm
openssl-devel-0.9.7a-33.26.x86_64.rpm
openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm

i386:
openssl-0.9.7a-33.26.i386.rpm
openssl-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.i386.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-devel-0.9.7a-33.26.i386.rpm
openssl-perl-0.9.7a-33.26.i386.rpm

ia64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.ia64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.ia64.rpm
openssl-devel-0.9.7a-33.26.ia64.rpm
openssl-perl-0.9.7a-33.26.ia64.rpm

x86_64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.x86_64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.x86_64.rpm
openssl-devel-0.9.7a-33.26.x86_64.rpm
openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm

i386:
openssl-0.9.7a-33.26.i386.rpm
openssl-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.i386.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-devel-0.9.7a-33.26.i386.rpm
openssl-perl-0.9.7a-33.26.i386.rpm

ia64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.ia64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.ia64.rpm
openssl-devel-0.9.7a-33.26.ia64.rpm
openssl-perl-0.9.7a-33.26.ia64.rpm

x86_64:
openssl-0.9.7a-33.26.i686.rpm
openssl-0.9.7a-33.26.x86_64.rpm
openssl-debuginfo-0.9.7a-33.26.i686.rpm
openssl-debuginfo-0.9.7a-33.26.x86_64.rpm
openssl-devel-0.9.7a-33.26.x86_64.rpm
openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm

ppc:
openssl-0.9.7a-43.17.el4_8.5.ppc.rpm
openssl-0.9.7a-43.17.el4_8.5.ppc64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.ppc.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.ppc64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.ppc.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.ppc64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.ppc.rpm

s390:
openssl-0.9.7a-43.17.el4_8.5.s390.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.s390.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.s390.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.s390.rpm

s390x:
openssl-0.9.7a-43.17.el4_8.5.s390.rpm
openssl-0.9.7a-43.17.el4_8.5.s390x.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.s390.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.s390x.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.s390.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.s390x.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.s390x.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-0590.html
https://www.redhat.com/security/data/cve/CVE-2009-2409.html
https://www.redhat.com/security/data/cve/CVE-2009-3555.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0FMXlSAg2UNWIIRAkUBAJ9U9UK/AKGkp6C6aKNiju/0H85ncACff/Ik
XNkd/Dl7OFXMXyyM51/Tb50=
=6XPJ
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-13-2010, 05:21 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2010:0977-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0977.html
Issue date: 2010-12-13
CVE Names: CVE-2008-7270 CVE-2009-3245 CVE-2010-4180
================================================== ===================

1. Summary:

Updated openssl packages that fix three security issues are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could possibly crash an application using the
OpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm

ppc:
openssl-0.9.7a-43.17.el4_8.6.ppc.rpm
openssl-0.9.7a-43.17.el4_8.6.ppc64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ppc.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ppc64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ppc.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ppc64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ppc.rpm

s390:
openssl-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.s390.rpm

s390x:
openssl-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-0.9.7a-43.17.el4_8.6.s390x.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390x.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.s390x.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.s390x.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-7270.html
https://www.redhat.com/security/data/cve/CVE-2009-3245.html
https://www.redhat.com/security/data/cve/CVE-2010-4180.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmPdXlSAg2UNWIIRAhJ7AJ4udykIH04u4+SjeOtQtq P6ckm6gQCgxMQJ
uHxijZs4kgRR0FnX+gzoPdU=
=5RLE
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-13-2010, 05:44 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2010:0978-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0978.html
Issue date: 2010-12-13
CVE Names: CVE-2008-7270 CVE-2010-4180
================================================== ===================

1. Summary:

Updated openssl packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_5.7.src.rpm

i386:
openssl-0.9.8e-12.el5_5.7.i386.rpm
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm

x86_64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_5.7.src.rpm

i386:
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-12.el5_5.7.src.rpm

i386:
openssl-0.9.8e-12.el5_5.7.i386.rpm
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm

ia64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.ia64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.ia64.rpm
openssl-devel-0.9.8e-12.el5_5.7.ia64.rpm
openssl-perl-0.9.8e-12.el5_5.7.ia64.rpm

ppc:
openssl-0.9.8e-12.el5_5.7.ppc.rpm
openssl-0.9.8e-12.el5_5.7.ppc64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.ppc.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.ppc64.rpm
openssl-devel-0.9.8e-12.el5_5.7.ppc.rpm
openssl-devel-0.9.8e-12.el5_5.7.ppc64.rpm
openssl-perl-0.9.8e-12.el5_5.7.ppc.rpm

s390x:
openssl-0.9.8e-12.el5_5.7.s390.rpm
openssl-0.9.8e-12.el5_5.7.s390x.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.s390.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.s390x.rpm
openssl-devel-0.9.8e-12.el5_5.7.s390.rpm
openssl-devel-0.9.8e-12.el5_5.7.s390x.rpm
openssl-perl-0.9.8e-12.el5_5.7.s390x.rpm

x86_64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-7270.html
https://www.redhat.com/security/data/cve/CVE-2010-4180.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmlFXlSAg2UNWIIRArfgAKC08AtM/DdMUSwNoU5JHYOaPYJvcQCeJhh+
6B6Gvl5F7ytAH5cKmTS+zxg=
=+Ub6
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-13-2010, 05:48 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2010:0979-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0979.html
Issue date: 2010-12-13
CVE Names: CVE-2010-4180
================================================== ===================

1. Summary:

Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-perl-1.0.0-4.el6_0.2.i686.rpm
openssl-static-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm

ppc64:
openssl-1.0.0-4.el6_0.2.ppc.rpm
openssl-1.0.0-4.el6_0.2.ppc64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.ppc.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.ppc64.rpm
openssl-devel-1.0.0-4.el6_0.2.ppc.rpm
openssl-devel-1.0.0-4.el6_0.2.ppc64.rpm

s390x:
openssl-1.0.0-4.el6_0.2.s390.rpm
openssl-1.0.0-4.el6_0.2.s390x.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.s390.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.s390x.rpm
openssl-devel-1.0.0-4.el6_0.2.s390.rpm
openssl-devel-1.0.0-4.el6_0.2.s390x.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-perl-1.0.0-4.el6_0.2.i686.rpm
openssl-static-1.0.0-4.el6_0.2.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-4.el6_0.2.ppc64.rpm
openssl-perl-1.0.0-4.el6_0.2.ppc64.rpm
openssl-static-1.0.0-4.el6_0.2.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-4.el6_0.2.s390x.rpm
openssl-perl-1.0.0-4.el6_0.2.s390x.rpm
openssl-static-1.0.0-4.el6_0.2.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-perl-1.0.0-4.el6_0.2.i686.rpm
openssl-static-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4180.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmoxXlSAg2UNWIIRApuhAJ4/rYz+B21DIirwsrbeQPnm8OTmaQCgi2dq
B9NstJ1WS7bj6BT6U30llW8=
=OuwV
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 10-26-2011, 05:26 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2011:1409-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1409.html
Issue date: 2011-10-26
CVE Names: CVE-2011-3207
================================================== ===================

1. Summary:

Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw could
cause an application using the OpenSSL Certificate Revocation List (CRL)
checking functionality to incorrectly accept a CRL that has a nextUpdate
date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

736087 - CVE-2011-3207 openssl: CRL verification vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-perl-1.0.0-10.el6_1.5.i686.rpm
openssl-static-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm

ppc64:
openssl-1.0.0-10.el6_1.5.ppc.rpm
openssl-1.0.0-10.el6_1.5.ppc64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.ppc.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.ppc64.rpm
openssl-devel-1.0.0-10.el6_1.5.ppc.rpm
openssl-devel-1.0.0-10.el6_1.5.ppc64.rpm

s390x:
openssl-1.0.0-10.el6_1.5.s390.rpm
openssl-1.0.0-10.el6_1.5.s390x.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.s390.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.s390x.rpm
openssl-devel-1.0.0-10.el6_1.5.s390.rpm
openssl-devel-1.0.0-10.el6_1.5.s390x.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-perl-1.0.0-10.el6_1.5.i686.rpm
openssl-static-1.0.0-10.el6_1.5.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-10.el6_1.5.ppc64.rpm
openssl-perl-1.0.0-10.el6_1.5.ppc64.rpm
openssl-static-1.0.0-10.el6_1.5.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-10.el6_1.5.s390x.rpm
openssl-perl-1.0.0-10.el6_1.5.s390x.rpm
openssl-static-1.0.0-10.el6_1.5.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-perl-1.0.0-10.el6_1.5.i686.rpm
openssl-static-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3207.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOqEKmXlSAg2UNWIIRAu12AJ4r+xRtVLgjGnLa92p5Py h6vEp54gCdEjgZ
o24aGxH7GN13mI9WUhPkgt0=
=4ANj
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 01-24-2012, 08:37 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2012:0059-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html
Issue date: 2012-01-24
CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577
CVE-2011-4619
================================================== ===================

1. Summary:

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS)
protocol implementation in OpenSSL leaked timing information when
performing certain operations. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a DTLS
server as a padding oracle. (CVE-2011-4108)

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)

A denial of service flaw was found in the RFC 3779 implementation in
OpenSSL. A remote attacker could use this flaw to make an application using
OpenSSL exit unexpectedly by providing a specially-crafted X.509
certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack
771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding
771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures
771780 - CVE-2011-4619 openssl: SGC restart DoS attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm

x86_64:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386:
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm
openssl-perl-1.0.0-20.el6_2.1.i686.rpm
openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm

ppc64:
openssl-1.0.0-20.el6_2.1.ppc.rpm
openssl-1.0.0-20.el6_2.1.ppc64.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm
openssl-devel-1.0.0-20.el6_2.1.ppc.rpm
openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm

s390x:
openssl-1.0.0-20.el6_2.1.s390.rpm
openssl-1.0.0-20.el6_2.1.s390x.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm
openssl-devel-1.0.0-20.el6_2.1.s390.rpm
openssl-devel-1.0.0-20.el6_2.1.s390x.rpm

x86_64:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386:
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-perl-1.0.0-20.el6_2.1.i686.rpm
openssl-static-1.0.0-20.el6_2.1.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm
openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm
openssl-static-1.0.0-20.el6_2.1.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm
openssl-perl-1.0.0-20.el6_2.1.s390x.rpm
openssl-static-1.0.0-20.el6_2.1.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm

x86_64:
openssl-1.0.0-20.el6_2.1.i686.rpm
openssl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.1.i686.rpm
openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm

i386:
openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
openssl-perl-1.0.0-20.el6_2.1.i686.rpm
openssl-static-1.0.0-20.el6_2.1.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm
openssl-static-1.0.0-20.el6_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html
https://www.redhat.com/security/data/cve/CVE-2011-4576.html
https://www.redhat.com/security/data/cve/CVE-2011-4577.html
https://www.redhat.com/security/data/cve/CVE-2011-4619.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaW FHDNjGZwCZAdR3
CJl5iUxU4cxJLOsSBESSRVs=
=PMiS
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 01-24-2012, 08:38 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2012:0060-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0060.html
Issue date: 2012-01-24
CVE Names: CVE-2011-4108 CVE-2011-4109 CVE-2011-4576
CVE-2011-4619
================================================== ===================

1. Summary:

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS)
protocol implementation in OpenSSL leaked timing information when
performing certain operations. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a DTLS
server as a padding oracle. (CVE-2011-4108)

A double free flaw was discovered in the policy checking code in OpenSSL.
A remote attacker could use this flaw to crash an application that uses
OpenSSL by providing an X.509 certificate that has specially-crafted
policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack
771771 - CVE-2011-4109 openssl: double-free in policy checks
771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding
771780 - CVE-2011-4619 openssl: SGC restart DoS attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386:
openssl-0.9.8e-20.el5_7.1.i386.rpm
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-perl-0.9.8e-20.el5_7.1.i386.rpm

x86_64:
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386:
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm
openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386:
openssl-0.9.8e-20.el5_7.1.i386.rpm
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm
openssl-perl-0.9.8e-20.el5_7.1.i386.rpm

ia64:
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-0.9.8e-20.el5_7.1.ia64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.ia64.rpm
openssl-devel-0.9.8e-20.el5_7.1.ia64.rpm
openssl-perl-0.9.8e-20.el5_7.1.ia64.rpm

ppc:
openssl-0.9.8e-20.el5_7.1.ppc.rpm
openssl-0.9.8e-20.el5_7.1.ppc64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.ppc.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.ppc64.rpm
openssl-devel-0.9.8e-20.el5_7.1.ppc.rpm
openssl-devel-0.9.8e-20.el5_7.1.ppc64.rpm
openssl-perl-0.9.8e-20.el5_7.1.ppc.rpm

s390x:
openssl-0.9.8e-20.el5_7.1.s390.rpm
openssl-0.9.8e-20.el5_7.1.s390x.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.s390.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.s390x.rpm
openssl-devel-0.9.8e-20.el5_7.1.s390.rpm
openssl-devel-0.9.8e-20.el5_7.1.s390x.rpm
openssl-perl-0.9.8e-20.el5_7.1.s390x.rpm

x86_64:
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm
openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html
https://www.redhat.com/security/data/cve/CVE-2011-4109.html
https://www.redhat.com/security/data/cve/CVE-2011-4576.html
https://www.redhat.com/security/data/cve/CVE-2011-4619.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHyS1XlSAg2UNWIIRAhxXAKClR3xRopyhygA4PgLUnO qWacOsfwCfSKMv
npqkzmNKX5c+YRYaCNRkdvw=
=rGKW
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 02-01-2012, 05:58 PM
 
Default Moderate: openssl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2012:0086-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0086.html
Issue date: 2012-02-01
CVE Names: CVE-2011-4576 CVE-2011-4619
================================================== ===================

1. Summary:

Updated openssl packages that fix two security issues are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding
771780 - CVE-2011-4619 openssl: SGC restart DoS attack

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.18.el4.src.rpm

i386:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

ia64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.ia64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.ia64.rpm
openssl-devel-0.9.7a-43.18.el4.ia64.rpm
openssl-perl-0.9.7a-43.18.el4.ia64.rpm

ppc:
openssl-0.9.7a-43.18.el4.ppc.rpm
openssl-0.9.7a-43.18.el4.ppc64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.ppc.rpm
openssl-debuginfo-0.9.7a-43.18.el4.ppc64.rpm
openssl-devel-0.9.7a-43.18.el4.ppc.rpm
openssl-devel-0.9.7a-43.18.el4.ppc64.rpm
openssl-perl-0.9.7a-43.18.el4.ppc.rpm

s390:
openssl-0.9.7a-43.18.el4.s390.rpm
openssl-debuginfo-0.9.7a-43.18.el4.s390.rpm
openssl-devel-0.9.7a-43.18.el4.s390.rpm
openssl-perl-0.9.7a-43.18.el4.s390.rpm

s390x:
openssl-0.9.7a-43.18.el4.s390.rpm
openssl-0.9.7a-43.18.el4.s390x.rpm
openssl-debuginfo-0.9.7a-43.18.el4.s390.rpm
openssl-debuginfo-0.9.7a-43.18.el4.s390x.rpm
openssl-devel-0.9.7a-43.18.el4.s390.rpm
openssl-devel-0.9.7a-43.18.el4.s390x.rpm
openssl-perl-0.9.7a-43.18.el4.s390x.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.18.el4.src.rpm

i386:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.18.el4.src.rpm

i386:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

ia64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.ia64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.ia64.rpm
openssl-devel-0.9.7a-43.18.el4.ia64.rpm
openssl-perl-0.9.7a-43.18.el4.ia64.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.18.el4.src.rpm

i386:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

ia64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.ia64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.ia64.rpm
openssl-devel-0.9.7a-43.18.el4.ia64.rpm
openssl-perl-0.9.7a-43.18.el4.ia64.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.18.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4576.html
https://www.redhat.com/security/data/cve/CVE-2011-4619.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPKYstXlSAg2UNWIIRAr/pAJ9Te6gGVLKF/deTvbc7P5nMOmqijgCgrJ1B
bdrF1JtstAdGlvaE4lWsNrQ=
=1X3a
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 

Thread Tools




All times are GMT. The time now is 04:17 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org