Updated OpenSSL packages are available for Red Hat Linux Advanced Server.
These updates fix multiple protocol parsing bugs that may allow a denial
of service (DoS) attack or cause SSL-enabled applications to crash.

[Updated 06 Jan 2003]
Added fixed packages for the ia64 architecture.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1.

OpenSSL is a commercial-grade, full-featured, open source toolkit
that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols, as well as a full-strength general-purpose
cryptography library.

Portions of the SSL protocol data stream, including the lengths of
structures being transferred, may not be properly validated.
This may allow a malicious server or client to cause an affected
application to crash or enter an infinite loop, which can be used as a
denial of service (DoS) attack if the application is a server. It has not
been verified whether this issue could lead to further consequences such as
remote code execution.

These errata packages contain a patch to correct this vulnerability.
Please note that the original patch from the OpenSSL team contained a
mistake that could possibly still allow buffer overflows to occur. This bug
is also fixed in these errata packages.

NOTE: Please read the Solution section below, as it contains instructions
for making sure that all SSL-enabled processes are restarted after the
update is applied.

Thanks go to the OpenSSL team for providing patches for these issues.
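
One way to check the restart requirement in the NOTE above, as an added example that is not part of the Red Hat advisory: a process started before the update keeps the old library mapped, and Linux marks such mappings "(deleted)" in /proc/<pid>/maps. The function names `stale_ssl_maps` and `scan_proc` are hypothetical, and the sample maps lines are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libssl/libcrypto and therefore still need a restart.

# Constructed sample in /proc/<pid>/maps format; paths and inodes are made up.
SAMPLE_MAPS='08048000-080a0000 r-xp 00000000 03:02 4711 /usr/sbin/httpd
40017000-40043000 r-xp 00000000 03:02 5120 /lib/libssl.so.0.9.6b (deleted)
40043000-40046000 rw-p 0002b000 03:02 5120 /lib/libssl.so.0.9.6b (deleted)
40046000-40107000 r-xp 00000000 03:02 5121 /lib/libcrypto.so.0.9.6b (deleted)
40200000-40320000 r-xp 00000000 03:02 6001 /lib/libc-2.2.4.so'

# stale_ssl_maps: read maps-format text on stdin and print, once each, the
# libssl/libcrypto paths whose on-disk file has been replaced or removed.
stale_ssl_maps() {
    awk '$NF == "(deleted)" {
             n = split($(NF - 1), part, "/")      # part[n] is the file name
             if (part[n] ~ /^lib(ssl|crypto)\./) print $(NF - 1)
         }' | sort -u
}

# scan_proc [ROOT]: check every numeric directory under ROOT (default /proc)
# and print "pid<TAB>library" for each stale mapping found.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue                # process exited or no access
        dir=${maps%/maps}
        pid=${dir##*/}
        stale_ssl_maps < "$maps" | while read -r lib; do
            printf '%s\t%s\n' "$pid" "$lib"
        done
    done
}

# Demo on the constructed sample; pass --live (as root) to scan the real /proc.
printf '%s\n' "$SAMPLE_MAPS" | stale_ssl_maps
if [ "${1:-}" = "--live" ]; then
    scan_proc /proc
fi
```

Any pid that `scan_proc` reports is still running the unpatched code and should be restarted; an empty result means no running process maps a replaced copy of either library.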

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
openssl-0.9.6b-28.src.rpm | File outdated by: RHSA-2009:0004 | a502539af00bf8fc4f184542dbe2a57f
openssl095a-0.9.5a-18.src.rpm | File outdated by: RHSA-2009:0004 | 5ef4beb986cb64aaae2cfd5726a03659
openssl096-0.9.6-13.src.rpm | File outdated by: RHSA-2009:0004 | 79423e3818cf2d6997f440d8878b5b5c

IA-32:
openssl-0.9.6b-28.i386.rpm | File outdated by: RHSA-2009:0004 | c0a52c85725b1ecff52d9c1372472360
openssl-0.9.6b-28.i686.rpm | File outdated by: RHSA-2009:0004 | aec758aeb92b8f6b49365374e7896877
openssl-devel-0.9.6b-28.i386.rpm | File outdated by: RHSA-2009:0004 | bdf9826263203f54685e81bb71815fd0
openssl-perl-0.9.6b-28.i386.rpm | File outdated by: RHSA-2009:0004 | 98fd036fc344c1a058d7d62c0cdbdeef
openssl095a-0.9.5a-18.i386.rpm | File outdated by: RHSA-2009:0004 | 49b87abfb69a066756eed6441c226775
openssl096-0.9.6-13.i386.rpm | File outdated by: RHSA-2009:0004 | f8852fa073d9e6462264c98c694339be

IA-64:
openssl-0.9.6b-28.ia64.rpm | File outdated by: RHSA-2009:0004 | c95cd939889b64b199fd477d950d1bad
openssl-devel-0.9.6b-28.ia64.rpm | File outdated by: RHSA-2009:0004 | ad2477c7f4b611c7c800eedd8856489a
openssl-perl-0.9.6b-28.ia64.rpm | File outdated by: RHSA-2009:0004 | 8e4b14c78ed76602a0e377c7559b0747
openssl095a-0.9.5a-18.ia64.rpm | File outdated by: RHSA-2009:0004 | f6615406c84745284f0e7e9b0d4d0d99
openssl096-0.9.6-13.ia64.rpm | File outdated by: RHSA-2009:0004 | 975e5824273ba98163fe9efe841053c5

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
openssl-0.9.6b-28.src.rpm | File outdated by: RHSA-2009:0004 | a502539af00bf8fc4f184542dbe2a57f
openssl095a-0.9.5a-18.src.rpm | File outdated by: RHSA-2009:0004 | 5ef4beb986cb64aaae2cfd5726a03659
openssl096-0.9.6-13.src.rpm | File outdated by: RHSA-2009:0004 | 79423e3818cf2d6997f440d8878b5b5c

IA-64:
openssl-0.9.6b-28.ia64.rpm | File outdated by: RHSA-2009:0004 | c95cd939889b64b199fd477d950d1bad
openssl-devel-0.9.6b-28.ia64.rpm | File outdated by: RHSA-2009:0004 | ad2477c7f4b611c7c800eedd8856489a
openssl-perl-0.9.6b-28.ia64.rpm | File outdated by: RHSA-2009:0004 | 8e4b14c78ed76602a0e377c7559b0747
openssl095a-0.9.5a-18.ia64.rpm | File outdated by: RHSA-2009:0004 | f6615406c84745284f0e7e9b0d4d0d99
openssl096-0.9.6-13.ia64.rpm | File outdated by: RHSA-2009:0004 | 975e5824273ba98163fe9efe841053c5

(The unlinked packages above are only available from the Red Hat Network)

70111 - RHSA-2002:161 - OpenSSL protocol parsing bugs