
Security Advisory openssl security update

Advisory: RHSA-2004:120-12
Type: Security Advisory
Severity: Important
Issued on: 2004-05-21
Last updated on: 2004-05-21
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0079
CVE-2004-0081
CVE-2004-0112

Details

Updated OpenSSL packages that fix several remote denial of service
vulnerabilities are available for Red Hat Enterprise Linux 3.

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),
Transport Layer Security (TLS v1) protocols, and serves as a full-strength
general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a null-pointer assignment in the do_change_cipher_spec() function
in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could
perform a carefully crafted SSL/TLS handshake against a server that uses
the OpenSSL library in such a way as to cause OpenSSL to crash. Depending
on the application, this could lead to a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0079 to this issue.

Stephen Henson discovered a flaw in SSL/TLS handshaking code when using
Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could
perform a carefully crafted SSL/TLS handshake against a server configured
to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash.
Most applications have no ability to use Kerberos ciphersuites and will
therefore be unaffected by this issue. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to
this issue.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0081 to this issue. This issue affects only the OpenSSL
compatibility packages shipped with Red Hat Enterprise Linux 3.

These updated packages contain patches provided by the OpenSSL group that
protect against these issues.

Additionally, the version of libica included in the OpenSSL packages has
been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries
customers and is required for the latest openCryptoki packages.

NOTE: Because server applications are affected by this issue, users are
advised to either restart all services that use OpenSSL functionality or
restart their systems after installing these updates.
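As an added illustration of the NOTE above (not part of the advisory), the following shell function finds processes that are still executing the pre-update libssl/libcrypto: once the RPMs are replaced on disk, the kernel shows the old, unlinked copies in /proc/PID/maps with a "(deleted)" suffix. The optional directory argument is an assumption made so the function can be run against a constructed /proc-like tree; on a real host leave it unset.

```shell
#!/bin/sh
# Added example, not from the advisory: after "rpm -Fvh" the new libssl and
# libcrypto are on disk, but a daemon started before the update keeps running
# the old, now unlinked, copy; the kernel marks such mappings "(deleted)" in
# /proc/PID/maps. Those processes must be restarted to pick up the fix.

# Print "PID NAME LIBRARY" for every process still mapping a deleted OpenSSL
# library. The argument (assumed parameter) defaults to /proc and exists only
# so the function can be exercised against a constructed /proc-like tree.
stale_openssl_users() {
    proc_root=${1:-/proc}
    for d in "$proc_root"/[0-9]*; do
        [ -r "$d/maps" ] || continue
        pid=${d##*/}
        # Process name from the "Name:" line of status (present on 2.4 kernels too).
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$d/status" 2>/dev/null)
        # Field 6 of a maps line is the path; report each deleted library once.
        grep -E 'lib(ssl|crypto)[^ ]*\.so.*\(deleted\)' "$d/maps" 2>/dev/null |
            awk '{print $6}' | sort -u |
            while read -r lib; do
                printf '%s %s %s\n' "$pid" "${name:-?}" "$lib"
            done
    done
}

# Returns 0 when nothing needs restarting, 1 (and lists the offenders) otherwise.
check_restart_needed() {
    out=$(stale_openssl_users "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run it as root so every process's maps file is readable; an empty result after a reboot or after restarting the listed services confirms the old library is no longer in use.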


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt
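As an added check (not part of the advisory or of Red Hat's tooling), the following script compares the installed openssl and openssl096b packages against the fixed releases this advisory ships (openssl-0.9.7a-33.4 and openssl096b-0.9.6b-16); feed it the output of rpm -q with the query format shown in the comment. The function and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the advisory: check whether the installed packages
# are at or above the fixed releases it lists for Red Hat Enterprise Linux 3.
# Pipe in the output of:
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' openssl openssl096b

# Fixed "NAME VERSION RELEASE" triples taken from the advisory's package list.
FIXED="openssl 0.9.7a 33.4
openssl096b 0.9.6b 16"

# Compare two dot-separated numeric release strings; print -1, 0 or 1.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && { printf '%s\n' -1; return; }
        [ "$x" -gt "$y" ] && { printf '%s\n' 1; return; }
    done
    printf '%s\n' 0
}

# Read "NAME VERSION RELEASE" lines on stdin; print a verdict per package and
# return 1 if any installed package is still below the fixed release.
audit_openssl_pkgs() {
    rc=0
    while read -r name ver rel; do
        # rpm prints "package X is not installed" for absent packages; skip those.
        [ -n "$name" ] && [ "$name" != package ] || continue
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2, $3 }')
        [ -n "$fixed" ] || { echo "$name: not covered by RHSA-2004:120"; continue; }
        fver=${fixed% *}; frel=${fixed#* }
        if [ "$ver" != "$fver" ]; then
            # A different upstream version is outside what this advisory describes.
            echo "$name: unexpected version $ver-$rel (advisory fixes $fver-$frel)"; rc=1
        elif [ "$(vercmp "$rel" "$frel")" -ge 0 ]; then
            echo "$name: ok ($ver-$rel)"
        else
            echo "$name: VULNERABLE ($ver-$rel is below $fver-$frel)"; rc=1
        fi
    done
    return $rc
}
```

A non-zero exit means at least one package is still at a pre-fix release; pair this with rpm -K on the downloaded RPMs to verify Red Hat's GPG signature before installing.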

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
openssl-0.9.7a-33.4.src.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3b3b2a993ec786f7a1f31c7ec284ea1e
openssl096b-0.9.6b-16.src.rpm
File outdated by:  RHSA-2010:0173
    MD5: fbe9785da72499e6a1bd2063ed6f4c98
 
IA-32:
openssl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: d05bb8902819dc2c689a70e9db80d744
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-devel-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3f3d4ecbe4b1587939502f92f24e2b37
openssl-perl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 7dbb734563c4c2ba2b1c4f2908e452ce
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
 
x86_64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 02e2620abd085cca1fd3ff02d6e6b027
openssl-devel-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 31ee33af40c6077a0433c50227bf1d2f
openssl-perl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 5b6fef5ba19a4abc843da86aa285110e
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.x86_64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 93d75bd894053d6017157269654f2580
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
openssl-0.9.7a-33.4.src.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3b3b2a993ec786f7a1f31c7ec284ea1e
openssl096b-0.9.6b-16.src.rpm
File outdated by:  RHSA-2010:0173
    MD5: fbe9785da72499e6a1bd2063ed6f4c98
 
IA-32:
openssl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: d05bb8902819dc2c689a70e9db80d744
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-devel-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3f3d4ecbe4b1587939502f92f24e2b37
openssl-perl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 7dbb734563c4c2ba2b1c4f2908e452ce
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
 
IA-64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 55cabb0cf72a17fbdc4ec3f645189506
openssl-devel-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3199e19f8077fc05b34315f214ac721c
openssl-perl-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: c861a0dd00d2f843ac8c7865f78103b2
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.ia64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 0152bfbded573d76abe5463cdda0f12f
 
PPC:
openssl-0.9.7a-33.4.ppc.rpm
File outdated by:  RHSA-2010:0163
    MD5: 99c6aeac7b0ea8535e1984459d76e3bf
openssl-0.9.7a-33.4.ppc64.rpm
File outdated by:  RHSA-2010:0163
    MD5: ed685cb7cec41e6dfbd56914aeb074b5
openssl-devel-0.9.7a-33.4.ppc.rpm
File outdated by:  RHSA-2010:0163
    MD5: 76ebb7864ad21d231a557a0819ec9de9
openssl-perl-0.9.7a-33.4.ppc.rpm
File outdated by:  RHSA-2010:0163
    MD5: cfe5035405485155fad6e270f62ac383
openssl096b-0.9.6b-16.ppc.rpm
File outdated by:  RHSA-2010:0173
    MD5: 4e648449f2c1db92a638b0287fd42165
 
s390:
openssl-0.9.7a-33.4.s390.rpm
File outdated by:  RHSA-2010:0163
    MD5: bef3431f7d8c1aef5342b63b59995d4b
openssl-devel-0.9.7a-33.4.s390.rpm
File outdated by:  RHSA-2010:0163
    MD5: c5be24b20d318c17634fe70e548a49c4
openssl-perl-0.9.7a-33.4.s390.rpm
File outdated by:  RHSA-2010:0163
    MD5: 8047af064fc9b2c4473208ef71f89551
openssl096b-0.9.6b-16.s390.rpm
File outdated by:  RHSA-2010:0173
    MD5: bf0a81fbcde746ad2d90502fa07e2b08
 
s390x:
openssl-0.9.7a-33.4.s390.rpm
File outdated by:  RHSA-2010:0163
    MD5: bef3431f7d8c1aef5342b63b59995d4b
openssl-0.9.7a-33.4.s390x.rpm
File outdated by:  RHSA-2010:0163
    MD5: e32a76bcacbdf9784cea51e72ebbd0be
openssl-devel-0.9.7a-33.4.s390x.rpm
File outdated by:  RHSA-2010:0163
    MD5: a79b9cf9018edc2a329569bdf4539012
openssl-perl-0.9.7a-33.4.s390x.rpm
File outdated by:  RHSA-2010:0163
    MD5: 94d49f39aa1e86c37e697ece88b1dcfb
openssl096b-0.9.6b-16.s390.rpm
File outdated by:  RHSA-2010:0173
    MD5: bf0a81fbcde746ad2d90502fa07e2b08
 
x86_64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 02e2620abd085cca1fd3ff02d6e6b027
openssl-devel-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 31ee33af40c6077a0433c50227bf1d2f
openssl-perl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 5b6fef5ba19a4abc843da86aa285110e
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.x86_64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 93d75bd894053d6017157269654f2580
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
openssl-0.9.7a-33.4.src.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3b3b2a993ec786f7a1f31c7ec284ea1e
openssl096b-0.9.6b-16.src.rpm
File outdated by:  RHSA-2010:0173
    MD5: fbe9785da72499e6a1bd2063ed6f4c98
 
IA-32:
openssl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: d05bb8902819dc2c689a70e9db80d744
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-devel-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3f3d4ecbe4b1587939502f92f24e2b37
openssl-perl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 7dbb734563c4c2ba2b1c4f2908e452ce
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
 
IA-64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 55cabb0cf72a17fbdc4ec3f645189506
openssl-devel-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3199e19f8077fc05b34315f214ac721c
openssl-perl-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: c861a0dd00d2f843ac8c7865f78103b2
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.ia64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 0152bfbded573d76abe5463cdda0f12f
 
x86_64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 02e2620abd085cca1fd3ff02d6e6b027
openssl-devel-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 31ee33af40c6077a0433c50227bf1d2f
openssl-perl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 5b6fef5ba19a4abc843da86aa285110e
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.x86_64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 93d75bd894053d6017157269654f2580
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
openssl-0.9.7a-33.4.src.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3b3b2a993ec786f7a1f31c7ec284ea1e
openssl096b-0.9.6b-16.src.rpm
File outdated by:  RHSA-2010:0173
    MD5: fbe9785da72499e6a1bd2063ed6f4c98
 
IA-32:
openssl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: d05bb8902819dc2c689a70e9db80d744
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-devel-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3f3d4ecbe4b1587939502f92f24e2b37
openssl-perl-0.9.7a-33.4.i386.rpm
File outdated by:  RHSA-2010:0163
    MD5: 7dbb734563c4c2ba2b1c4f2908e452ce
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
 
IA-64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 55cabb0cf72a17fbdc4ec3f645189506
openssl-devel-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 3199e19f8077fc05b34315f214ac721c
openssl-perl-0.9.7a-33.4.ia64.rpm
File outdated by:  RHSA-2010:0163
    MD5: c861a0dd00d2f843ac8c7865f78103b2
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.ia64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 0152bfbded573d76abe5463cdda0f12f
 
x86_64:
openssl-0.9.7a-33.4.i686.rpm
File outdated by:  RHSA-2010:0163
    MD5: 23ea387b8e0d59674b221cf6bd711da5
openssl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 02e2620abd085cca1fd3ff02d6e6b027
openssl-devel-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 31ee33af40c6077a0433c50227bf1d2f
openssl-perl-0.9.7a-33.4.x86_64.rpm
File outdated by:  RHSA-2010:0163
    MD5: 5b6fef5ba19a4abc843da86aa285110e
openssl096b-0.9.6b-16.i386.rpm
File outdated by:  RHSA-2010:0173
    MD5: 01f99bab463ea2a0c34a2435776bbb07
openssl096b-0.9.6b-16.x86_64.rpm
File outdated by:  RHSA-2010:0173
    MD5: 93d75bd894053d6017157269654f2580
 

Bugs fixed (see bugzilla for more information)

117770 - CAN-2004-0079/0081/0112 Flaws in OpenSSL


References


Keywords

DoS


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/