[RHSA-2015:2617-01] Moderate: openssl security update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:2617-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html
Issue date: 2015-12-14
CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196
=====================================================================

1. Summary:

Updated openssl packages that fix three security issues are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the way OpenSSL verified
signatures using the RSA PSS algorithm. A remote attacker could possibly
use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server
using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and
CMS data. A remote attacker could use this flaw to cause an application
that parses PKCS#7 or CMS data from untrusted sources to use an excessive
amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way
OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker
could use this flaw to crash a multi-threaded SSL/TLS client using
OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

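The advisory asks for two things: install the fixed build, and restart every service still linked against the old library. The script below is an added example, not part of the advisory or any Red Hat tooling; it compares the installed openssl (openssl-libs on RHEL 7) build against the fixed version-release strings from the package list and lists processes that still map a replaced libssl/libcrypto. It assumes rpm and GNU sort -V are available and that /proc is mounted.

```shell
#!/bin/sh
# Added example (not part of the advisory): verify RHSA-2015:2617 is applied
# and find services that still need a restart. Assumes rpm and GNU sort -V.

# Fixed version-release strings, taken from the advisory's package list.
FIXED_EL6="1.0.1e-42.el6_7.1"
FIXED_EL7="1.0.1e-51.el7_2.1"

# is_fixed INSTALLED FIXED: succeeds when INSTALLED sorts at or above FIXED
# (version sort handles "42.el6_7.1" vs "42.el6_7" and "30.el6_6.11").
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# fixed_for INSTALLED: picks the fixed build for the installed release family.
fixed_for() {
    case "$1" in
        *.el6*) echo "$FIXED_EL6" ;;
        *.el7*) echo "$FIXED_EL7" ;;
        *)      return 1 ;;
    esac
}

# check_installed: reads the library package from rpm (RHEL 7 ships the
# shared objects in openssl-libs, RHEL 6 in openssl) and reports its state.
check_installed() {
    for pkg in openssl-libs openssl; do
        rpm -q "$pkg" >/dev/null 2>&1 || continue
        inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg" | sort -V | head -n 1)
        fixed=$(fixed_for "$inst") || { echo "$pkg-$inst: not an el6/el7 build"; return 2; }
        if is_fixed "$inst" "$fixed"; then
            echo "$pkg-$inst: fixed (>= $fixed)"; return 0
        fi
        echo "$pkg-$inst: VULNERABLE, fixed in $fixed"; return 1
    done
    echo "no openssl library package found"; return 2
}

# stale_ssl_pids: PIDs still mapping a deleted libssl/libcrypto, i.e. the
# services that must be restarted before the update takes effect.
stale_ssl_pids() {
    for maps in /proc/[0-9]*/maps; do
        grep -qE 'lib(ssl|crypto)\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null || continue
        pid=${maps#/proc/}; echo "${pid%/maps}"
    done
}
```

Run `check_installed` after the update and then `stale_ssl_pids` as root; an empty PID list means no long-running process is still using the replaced library.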

 

5. Bugs fixed (https://bugzilla.redhat.com/):

1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter
1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
openssl-1.0.1e-42.el6_7.1.src.rpm

i386:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

x86_64:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
openssl-perl-1.0.1e-42.el6_7.1.i686.rpm
openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
openssl-1.0.1e-42.el6_7.1.src.rpm

x86_64:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
openssl-1.0.1e-42.el6_7.1.src.rpm

i386:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

ppc64:
openssl-1.0.1e-42.el6_7.1.ppc.rpm
openssl-1.0.1e-42.el6_7.1.ppc64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm
openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm
openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

s390x:
openssl-1.0.1e-42.el6_7.1.s390.rpm
openssl-1.0.1e-42.el6_7.1.s390x.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm
openssl-devel-1.0.1e-42.el6_7.1.s390.rpm
openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

x86_64:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-perl-1.0.1e-42.el6_7.1.i686.rpm
openssl-static-1.0.1e-42.el6_7.1.i686.rpm

ppc64:
openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm
openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm
openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

s390x:
openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm
openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm
openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
openssl-1.0.1e-42.el6_7.1.src.rpm

i386:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

x86_64:
openssl-1.0.1e-42.el6_7.1.i686.rpm
openssl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
openssl-perl-1.0.1e-42.el6_7.1.i686.rpm
openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64:
openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm
openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64:
openssl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.1.i686.rpm
openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.1.i686.rpm
openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.1.i686.rpm
openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64:
openssl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.1.i686.rpm
openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.1.i686.rpm
openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.1.i686.rpm
openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssl-1.0.1e-51.el7_2.1.src.rpm

aarch64:
openssl-1.0.1e-51.el7_2.1.aarch64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm
openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm
openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64:
openssl-1.0.1e-51.el7_2.1.ppc64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm
openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm
openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm
openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm
openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le:
openssl-1.0.1e-51.el7_2.1.ppc64le.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm
openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm
openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x:
openssl-1.0.1e-51.el7_2.1.s390x.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm
openssl-devel-1.0.1e-51.el7_2.1.s390.rpm
openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm
openssl-libs-1.0.1e-51.el7_2.1.s390.rpm
openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

x86_64:
openssl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.1.i686.rpm
openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.1.i686.rpm
openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm
openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm
openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64:
openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm
openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm
openssl-static-1.0.1e-51.el7_2.1.ppc.rpm
openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le:
openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm
openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm
openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x:
openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm
openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm
openssl-static-1.0.1e-51.el7_2.1.s390.rpm
openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.1.i686.rpm
openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64:
openssl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.1.i686.rpm
openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.1.i686.rpm
openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm
openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.1.i686.rpm
openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3194
https://access.redhat.com/security/cve/CVE-2015-3195
https://access.redhat.com/security/cve/CVE-2015-3196
https://access.redhat.com/security/updates/classification/#moderate
https://openssl.org/news/secadv/20151203.txt

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
