Skip to navigation

Security Advisory Updated openssl packages available

Advisory: RHSA-2001:051-18
Type: Security Advisory
Severity: N/A
Issued on: 2001-04-17
Last updated on: 2001-07-18
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1

Details

Updated openssl packages are now available for Red Hat Linux 6.x and 7.
These packages include security-related changes made in OpenSSL 0.9.6a and
0.9.6b which have been backported to previous versions released for Red Hat
Linux.

In addition, this advisory provides OpenSSL 0.9.6 packages for Red Hat
Linux 7, which may be used by future updates to both Red Hat Linux 7 and
Red Hat Linux 7.1.

Versions of OpenSSL prior to 0.9.6a suffer from potential security
problems. These include potential leakage of information after SSL
version 3 key exchanges, imperfect distribution of random numbers used
when generating signatures, honoring of sensitive environment variables
in library functions in setuid or setgid applications, and not taking
precautions to counter effects of potential hardware glitches when
generating digital signatures.

A flaw has also been found in the pseudo-random number generator used
in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has
released a patch which corrects this problem.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For all RPMs downloaded for your particular architecture, run:

rpm -Uvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs. Because of dependencies, the packages must be
installed as a group.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages


References


Keywords

prng


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/