Security Advisory openssl security update

Advisory: RHSA-2005:800-8
Type: Security Advisory
Severity: Moderate
Issued on: 2005-10-11
Last updated on: 2005-10-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-0109
CVE-2005-2969

Details

Updated OpenSSL packages that fix various security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

OpenSSL contained a software work-around for a bug in SSL handling in
Microsoft Internet Explorer version 3.0.2. This work-around is enabled in
most servers that use OpenSSL to provide support for SSL and TLS. Yutaka
Oiwa discovered that this work-around could allow an attacker, acting as a
"man in the middle" to force an SSL connection to use SSL 2.0 rather than a
stronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2969
to this issue.

A bug was also fixed in the way OpenSSL creates DSA signatures. A cache
timing attack was fixed in RHSA-2005-476 which caused OpenSSL to do private
key calculations with a fixed time window. The DSA fix for this was not
complete and the calculations are not always performed within a
fixed-window. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0109 to this issue.

Users are advised to upgrade to these updated packages, which remove the
MISE 3.0.2 work-around and contain patches to correct these issues.

Note: After installing this update, users are advised to either
restart all services that use OpenSSL or restart their system.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
openssl-0.9.7a-33.17.src.rpm
File outdated by:  RHSA-2009:0004		     354b6fe6f3f7c554e214705476f5fd6b
openssl096b-0.9.6b-16.22.4.src.rpm
File outdated by:  RHSA-2009:0004		     51050db4274f8cf2c23e83b9f920823c
 
IA-32:
openssl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     19ef2fd3daf3a64ef387d829e02fa13d
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-devel-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     b67de10b4d936e6c6e15842669891dd5
openssl-perl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     e62d8bb92888a355c7568d981b52a00c
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
 
x86_64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f9ed153d791467b2d483c9720bb0691c
openssl-devel-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f83a7b2ebbf6521cda11eb9f289c5be2
openssl-perl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     35be124181254ab736220873b93ef435
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8ef52be550794612982f48dc44a75164
 
Red Hat Desktop (v. 4)
SRPMS:
openssl-0.9.7a-43.4.src.rpm
File outdated by:  RHSA-2009:0004		     41053d76c1b7ca3e9f39e0a72f9e5516
openssl096b-0.9.6b-22.4.src.rpm
File outdated by:  RHSA-2009:0004		     fd850ca74d4c62cd275df9d1faf1a0bc
 
IA-32:
openssl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     078d5f370a0865e4ff89587e1e4a70e6
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-devel-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     8c82fce2ae4a899050a7c482d083fe26
openssl-perl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     152c3c792f99930617b7415c0e44cee9
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
 
x86_64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     d5b71525c2dbc6061ef1a92257d1002f
openssl-devel-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     6d6ad93bc9a5e4ee479c9680369cb520
openssl-perl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     3ddd6acb3032f402308e7aa7881b6100
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8e87576bd717ea310051520aec474bcd
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
openssl-0.9.6b-40.src.rpm
File outdated by:  RHSA-2009:0004		     d748ded27f74e62bbbeb534d7e8c57a6
openssl095a-0.9.5a-26.src.rpm
File outdated by:  RHSA-2009:0004		     a7cbf626fdd543cdde496b7c1bd90deb
openssl096-0.9.6-27.src.rpm
File outdated by:  RHSA-2009:0004		     a22723bc1cebefaf0bf1732db1b6993a
 
IA-32:
openssl-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     7598a76054596595dbf8a27704cfe443
openssl-0.9.6b-40.i686.rpm
File outdated by:  RHSA-2009:0004		     7b87e812c7525fff5359c447af9bff31
openssl-devel-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     cc868bc2eecbd4c868d350e9f0b75bca
openssl-perl-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     c15fb21ea44810c6199574a083c1ff28
openssl095a-0.9.5a-26.i386.rpm
File outdated by:  RHSA-2009:0004		     f2627de5b33f88fe10a45e48c795f238
openssl096-0.9.6-27.i386.rpm
File outdated by:  RHSA-2009:0004		     3d7007cd5d63c3be7edb16c65fb016bb
 
IA-64:
openssl-0.9.6b-40.ia64.rpm
File outdated by:  RHSA-2009:0004		     15f6e57309e119e11e902408f9e555ac
openssl-devel-0.9.6b-40.ia64.rpm
File outdated by:  RHSA-2009:0004		     6af1c3bedd8aa0457a78cb250fe4efab
openssl-perl-0.9.6b-40.ia64.rpm
File outdated by:  RHSA-2009:0004		     7a23a73d58531a0cacabd83e10c5fc28
openssl095a-0.9.5a-26.ia64.rpm
File outdated by:  RHSA-2009:0004		     2d7b85a090d85e26c4965bc96827d716
openssl096-0.9.6-27.ia64.rpm
File outdated by:  RHSA-2009:0004		     1b838b7f6891028d30dbeb9550d02cc9
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
openssl-0.9.7a-33.17.src.rpm
File outdated by:  RHSA-2009:0004		     354b6fe6f3f7c554e214705476f5fd6b
openssl096b-0.9.6b-16.22.4.src.rpm
File outdated by:  RHSA-2009:0004		     51050db4274f8cf2c23e83b9f920823c
 
IA-32:
openssl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     19ef2fd3daf3a64ef387d829e02fa13d
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-devel-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     b67de10b4d936e6c6e15842669891dd5
openssl-perl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     e62d8bb92888a355c7568d981b52a00c
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
 
IA-64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     63367058530617620126aa655e1c564d
openssl-devel-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     5e316e5cc36068ee8afe9bfa95f61a15
openssl-perl-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     e44fe78a64bcbe2511c523bf1ab78011
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     fae0e7644a317001f0ac387213f77f87
 
PPC:
openssl-0.9.7a-33.17.ppc.rpm
File outdated by:  RHSA-2009:0004		     3af4d96fa3ee2b80ba5e2854a5131a80
openssl-0.9.7a-33.17.ppc64.rpm
File outdated by:  RHSA-2009:0004		     79b90e9978aea6fb3f4e46facdb17fb7
openssl-devel-0.9.7a-33.17.ppc.rpm
File outdated by:  RHSA-2009:0004		     863b56d4fd9ad3bb665dc47db79b908b
openssl-perl-0.9.7a-33.17.ppc.rpm
File outdated by:  RHSA-2009:0004		     4bb33e19267f259dc942cae30f362693
openssl096b-0.9.6b-16.22.4.ppc.rpm
File outdated by:  RHSA-2009:0004		     6760f451c6117d996d481bec58cb61ad
 
s390:
openssl-0.9.7a-33.17.s390.rpm
File outdated by:  RHSA-2009:0004		     dcc3b6bc8db4e2b1108bf3f1b10fc67b
openssl-devel-0.9.7a-33.17.s390.rpm
File outdated by:  RHSA-2009:0004		     43ad0817ff7ca0daec654d117ee9960e
openssl-perl-0.9.7a-33.17.s390.rpm
File outdated by:  RHSA-2009:0004		     d9fd01ad2432de59efa1c1c45dd66a83
openssl096b-0.9.6b-16.22.4.s390.rpm
File outdated by:  RHSA-2009:0004		     273e02eb3c9a6d6a1be07ffaf1890ac1
 
s390x:
openssl-0.9.7a-33.17.s390.rpm
File outdated by:  RHSA-2009:0004		     dcc3b6bc8db4e2b1108bf3f1b10fc67b
openssl-0.9.7a-33.17.s390x.rpm
File outdated by:  RHSA-2009:0004		     bb9a77d45b3ae89c999766ae27f89bdb
openssl-devel-0.9.7a-33.17.s390x.rpm
File outdated by:  RHSA-2009:0004		     4b4a898eeaa57b501bca9cfd648565d1
openssl-perl-0.9.7a-33.17.s390x.rpm
File outdated by:  RHSA-2009:0004		     430c0f982d0046b35fedbcd28ef5ee85
openssl096b-0.9.6b-16.22.4.s390.rpm
File outdated by:  RHSA-2009:0004		     273e02eb3c9a6d6a1be07ffaf1890ac1
 
x86_64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f9ed153d791467b2d483c9720bb0691c
openssl-devel-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f83a7b2ebbf6521cda11eb9f289c5be2
openssl-perl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     35be124181254ab736220873b93ef435
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8ef52be550794612982f48dc44a75164
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
openssl-0.9.7a-43.4.src.rpm
File outdated by:  RHSA-2009:0004		     41053d76c1b7ca3e9f39e0a72f9e5516
openssl096b-0.9.6b-22.4.src.rpm
File outdated by:  RHSA-2009:0004		     fd850ca74d4c62cd275df9d1faf1a0bc
 
IA-32:
openssl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     078d5f370a0865e4ff89587e1e4a70e6
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-devel-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     8c82fce2ae4a899050a7c482d083fe26
openssl-perl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     152c3c792f99930617b7415c0e44cee9
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
 
IA-64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     d62851760f66f1243c6261952588d14b
openssl-devel-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     c14121a3f8923eb5c45b56e2aaf300bb
openssl-perl-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     dc18361ff72e8d6bf1d900e68a1be977
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     904defad4950d4be4a5440a56e93d9d3
 
PPC:
openssl-0.9.7a-43.4.ppc.rpm
File outdated by:  RHSA-2009:0004		     3b8d4cbce1b67efd6c2cbe3aa3365858
openssl-0.9.7a-43.4.ppc64.rpm
File outdated by:  RHSA-2009:0004		     bdf81b9f8225b1a66d0d15bfe74ed7fa
openssl-devel-0.9.7a-43.4.ppc.rpm
File outdated by:  RHSA-2009:0004		     5d9f79d875b7d91d74b1ec0c134b231f
openssl-perl-0.9.7a-43.4.ppc.rpm
File outdated by:  RHSA-2009:0004		     83afc96da53b50e2cbde2595b3b68a99
openssl096b-0.9.6b-22.4.ppc.rpm
File outdated by:  RHSA-2009:0004		     5150cc49279a92100bc9f1e06c8ecebb
 
s390:
openssl-0.9.7a-43.4.s390.rpm
File outdated by:  RHSA-2009:0004		     f5795878194436f60e96b6ce513b9b30
openssl-devel-0.9.7a-43.4.s390.rpm
File outdated by:  RHSA-2009:0004		     22cf17b11d3a044df2887eab133428f9
openssl-perl-0.9.7a-43.4.s390.rpm
File outdated by:  RHSA-2009:0004		     745e5b912ecb0ae9702e278adcfae75e
openssl096b-0.9.6b-22.4.s390.rpm
File outdated by:  RHSA-2009:0004		     34dc34a9c4ab3190b36c48d730a58cc7
 
s390x:
openssl-0.9.7a-43.4.s390.rpm
File outdated by:  RHSA-2009:0004		     f5795878194436f60e96b6ce513b9b30
openssl-0.9.7a-43.4.s390x.rpm
File outdated by:  RHSA-2009:0004		     690dc17cd3c1d6dca7dc80dfea81ee7e
openssl-devel-0.9.7a-43.4.s390x.rpm
File outdated by:  RHSA-2009:0004		     e6ba82c77b1c88b440db92608ca612ac
openssl-perl-0.9.7a-43.4.s390x.rpm
File outdated by:  RHSA-2009:0004		     185ba8108fc9e4b6fa95757b906e29bb
openssl096b-0.9.6b-22.4.s390.rpm
File outdated by:  RHSA-2009:0004		     34dc34a9c4ab3190b36c48d730a58cc7
 
x86_64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     d5b71525c2dbc6061ef1a92257d1002f
openssl-devel-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     6d6ad93bc9a5e4ee479c9680369cb520
openssl-perl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     3ddd6acb3032f402308e7aa7881b6100
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8e87576bd717ea310051520aec474bcd
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
openssl-0.9.6b-40.src.rpm
File outdated by:  RHSA-2009:0004		     d748ded27f74e62bbbeb534d7e8c57a6
 
IA-32:
openssl-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     7598a76054596595dbf8a27704cfe443
openssl-0.9.6b-40.i686.rpm
File outdated by:  RHSA-2009:0004		     7b87e812c7525fff5359c447af9bff31
openssl-devel-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     cc868bc2eecbd4c868d350e9f0b75bca
openssl-perl-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     c15fb21ea44810c6199574a083c1ff28
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
openssl-0.9.7a-33.17.src.rpm
File outdated by:  RHSA-2009:0004		     354b6fe6f3f7c554e214705476f5fd6b
openssl096b-0.9.6b-16.22.4.src.rpm
File outdated by:  RHSA-2009:0004		     51050db4274f8cf2c23e83b9f920823c
 
IA-32:
openssl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     19ef2fd3daf3a64ef387d829e02fa13d
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-devel-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     b67de10b4d936e6c6e15842669891dd5
openssl-perl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     e62d8bb92888a355c7568d981b52a00c
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
 
IA-64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     63367058530617620126aa655e1c564d
openssl-devel-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     5e316e5cc36068ee8afe9bfa95f61a15
openssl-perl-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     e44fe78a64bcbe2511c523bf1ab78011
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     fae0e7644a317001f0ac387213f77f87
 
x86_64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f9ed153d791467b2d483c9720bb0691c
openssl-devel-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f83a7b2ebbf6521cda11eb9f289c5be2
openssl-perl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     35be124181254ab736220873b93ef435
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8ef52be550794612982f48dc44a75164
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
openssl-0.9.7a-43.4.src.rpm
File outdated by:  RHSA-2009:0004		     41053d76c1b7ca3e9f39e0a72f9e5516
openssl096b-0.9.6b-22.4.src.rpm
File outdated by:  RHSA-2009:0004		     fd850ca74d4c62cd275df9d1faf1a0bc
 
IA-32:
openssl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     078d5f370a0865e4ff89587e1e4a70e6
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-devel-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     8c82fce2ae4a899050a7c482d083fe26
openssl-perl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     152c3c792f99930617b7415c0e44cee9
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
 
IA-64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     d62851760f66f1243c6261952588d14b
openssl-devel-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     c14121a3f8923eb5c45b56e2aaf300bb
openssl-perl-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     dc18361ff72e8d6bf1d900e68a1be977
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     904defad4950d4be4a5440a56e93d9d3
 
x86_64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     d5b71525c2dbc6061ef1a92257d1002f
openssl-devel-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     6d6ad93bc9a5e4ee479c9680369cb520
openssl-perl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     3ddd6acb3032f402308e7aa7881b6100
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8e87576bd717ea310051520aec474bcd
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
openssl-0.9.6b-40.src.rpm
File outdated by:  RHSA-2009:0004		     d748ded27f74e62bbbeb534d7e8c57a6
 
IA-32:
openssl-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     7598a76054596595dbf8a27704cfe443
openssl-0.9.6b-40.i686.rpm
File outdated by:  RHSA-2009:0004		     7b87e812c7525fff5359c447af9bff31
openssl-devel-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     cc868bc2eecbd4c868d350e9f0b75bca
openssl-perl-0.9.6b-40.i386.rpm
File outdated by:  RHSA-2009:0004		     c15fb21ea44810c6199574a083c1ff28
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
openssl-0.9.7a-33.17.src.rpm
File outdated by:  RHSA-2009:0004		     354b6fe6f3f7c554e214705476f5fd6b
openssl096b-0.9.6b-16.22.4.src.rpm
File outdated by:  RHSA-2009:0004		     51050db4274f8cf2c23e83b9f920823c
 
IA-32:
openssl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     19ef2fd3daf3a64ef387d829e02fa13d
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-devel-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     b67de10b4d936e6c6e15842669891dd5
openssl-perl-0.9.7a-33.17.i386.rpm
File outdated by:  RHSA-2009:0004		     e62d8bb92888a355c7568d981b52a00c
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
 
IA-64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     63367058530617620126aa655e1c564d
openssl-devel-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     5e316e5cc36068ee8afe9bfa95f61a15
openssl-perl-0.9.7a-33.17.ia64.rpm
File outdated by:  RHSA-2009:0004		     e44fe78a64bcbe2511c523bf1ab78011
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     fae0e7644a317001f0ac387213f77f87
 
x86_64:
openssl-0.9.7a-33.17.i686.rpm
File outdated by:  RHSA-2009:0004		     c52ed50d9e3fa7f83524095e874761e2
openssl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f9ed153d791467b2d483c9720bb0691c
openssl-devel-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     f83a7b2ebbf6521cda11eb9f289c5be2
openssl-perl-0.9.7a-33.17.x86_64.rpm
File outdated by:  RHSA-2009:0004		     35be124181254ab736220873b93ef435
openssl096b-0.9.6b-16.22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     06e626b195f69b935eb47c19389b3cc5
openssl096b-0.9.6b-16.22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8ef52be550794612982f48dc44a75164
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
openssl-0.9.7a-43.4.src.rpm
File outdated by:  RHSA-2009:0004		     41053d76c1b7ca3e9f39e0a72f9e5516
openssl096b-0.9.6b-22.4.src.rpm
File outdated by:  RHSA-2009:0004		     fd850ca74d4c62cd275df9d1faf1a0bc
 
IA-32:
openssl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     078d5f370a0865e4ff89587e1e4a70e6
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-devel-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     8c82fce2ae4a899050a7c482d083fe26
openssl-perl-0.9.7a-43.4.i386.rpm
File outdated by:  RHSA-2009:0004		     152c3c792f99930617b7415c0e44cee9
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
 
IA-64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     d62851760f66f1243c6261952588d14b
openssl-devel-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     c14121a3f8923eb5c45b56e2aaf300bb
openssl-perl-0.9.7a-43.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     dc18361ff72e8d6bf1d900e68a1be977
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.ia64.rpm
File outdated by:  RHSA-2009:0004		     904defad4950d4be4a5440a56e93d9d3
 
x86_64:
openssl-0.9.7a-43.4.i686.rpm
File outdated by:  RHSA-2009:0004		     24e284285b1475fe404e187c5c71d85e
openssl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     d5b71525c2dbc6061ef1a92257d1002f
openssl-devel-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     6d6ad93bc9a5e4ee479c9680369cb520
openssl-perl-0.9.7a-43.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     3ddd6acb3032f402308e7aa7881b6100
openssl096b-0.9.6b-22.4.i386.rpm
File outdated by:  RHSA-2009:0004		     b8fefe05d31388429660d34b30a6b63f
openssl096b-0.9.6b-22.4.x86_64.rpm
File outdated by:  RHSA-2009:0004		     8e87576bd717ea310051520aec474bcd
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
openssl-0.9.6b-40.src.rpm
File outdated by:  RHSA-2009:0004		     d748ded27f74e62bbbeb534d7e8c57a6
openssl095a-0.9.5a-26.src.rpm
File outdated by:  RHSA-2009:0004		     a7cbf626fdd543cdde496b7c1bd90deb
openssl096-0.9.6-27.src.rpm
File outdated by:  RHSA-2009:0004		     a22723bc1cebefaf0bf1732db1b6993a
 
IA-64:
openssl-0.9.6b-40.ia64.rpm
File outdated by:  RHSA-2009:0004		     15f6e57309e119e11e902408f9e555ac
openssl-devel-0.9.6b-40.ia64.rpm
File outdated by:  RHSA-2009:0004		     6af1c3bedd8aa0457a78cb250fe4efab
openssl-perl-0.9.6b-40.ia64.rpm
File outdated by:  RHSA-2009:0004		     7a23a73d58531a0cacabd83e10c5fc28
openssl095a-0.9.5a-26.ia64.rpm
File outdated by:  RHSA-2009:0004		     2d7b85a090d85e26c4965bc96827d716
openssl096-0.9.6-27.ia64.rpm
File outdated by:  RHSA-2009:0004		     1b838b7f6891028d30dbeb9550d02cc9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

169863 - CAN-2005-2969 Potential SSL 2.0 Rollback
170036 - CAN-2005-0109 DSA signing not quite constant time


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/