Red Hat Customer Portal

Security Advisory Important: openssl098e security update

Advisory: RHSA-2014:0680-1
Type: Security Advisory
Severity: Important
Issued on: 2014-06-10
Last updated on: 2014-06-10
Affected Products: Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux HPC Node (v. 7)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2014-0224

Details

Updated openssl098e packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
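
The restart requirement can be checked after the update: a process that loaded the library before the upgrade keeps mapping the old, now-deleted file until it is restarted. The script below is an added example, not part of the Red Hat advisory; the libssl/libcrypto file-name pattern, the function names and the sample process tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-update OpenSSL library.
# The libssl/libcrypto name pattern is an assumption about the files the
# package installs. The proc_root argument lets the check run on a
# constructed tree as well as on the live /proc (the default).

# Print PIDs whose maps file lists a deleted libssl/libcrypto object.
stale_openssl_pids() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Once the RPM is replaced, the old inode shows as "<path> (deleted)".
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done | sort -n
)

# Print one line per stale process; return non-zero if a restart is pending.
report_stale_openssl() (
    proc_root="${1:-/proc}"
    pending=0
    for pid in $(stale_openssl_pids "$proc_root"); do
        name="$(cat "$proc_root/$pid/comm" 2>/dev/null || echo unknown)"
        echo "restart needed: pid=$pid comm=$name"
        pending=1
    done
    [ "$pending" -eq 0 ]
)

# Constructed sample: a fake /proc tree with one stale and one current process.
make_sample_proc() (
    root="$(mktemp -d)"
    mkdir "$root/1201" "$root/1305"
    echo legacy-app > "$root/1201/comm"
    echo other-app > "$root/1305/comm"
    echo '7f2c4a000000-7f2c4a04a000 r-xp 00000000 fd:00 1234 /usr/lib64/libssl.so.0.9.8e (deleted)' > "$root/1201/maps"
    echo '7f9d10000000-7f9d1004a000 r-xp 00000000 fd:00 5678 /usr/lib64/libssl.so.0.9.8e' > "$root/1305/maps"
    echo "$root"
)

sample="$(make_sample_proc)"
report_stale_openssl "$sample" || echo "services listed above must be restarted"
rm -rf "$sample"
```

Calling report_stale_openssl with no argument, as root, scans the live /proc; reading other users' maps files requires root.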


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
openssl098e-0.9.8e-29.el7_0.2.src.rpm
File outdated by:  RHSA-2016:0372
 
x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
openssl098e-0.9.8e-29.el7_0.2.src.rpm
File outdated by:  RHSA-2016:0372
 
x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
openssl098e-0.9.8e-29.el7_0.2.src.rpm
File outdated by:  RHSA-2016:0372
 
PPC:
openssl098e-0.9.8e-29.el7_0.2.ppc.rpm
File outdated by:  RHSA-2016:0372
openssl098e-0.9.8e-29.el7_0.2.ppc64.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.ppc.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.ppc64.rpm
File outdated by:  RHSA-2016:0372
 
s390x:
openssl098e-0.9.8e-29.el7_0.2.s390.rpm
File outdated by:  RHSA-2016:0372
openssl098e-0.9.8e-29.el7_0.2.s390x.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.s390.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.s390x.rpm
File outdated by:  RHSA-2016:0372
 
x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
openssl098e-0.9.8e-29.el7_0.2.src.rpm
File outdated by:  RHSA-2016:0372
 
x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
File outdated by:  RHSA-2016:0372
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm
File outdated by:  RHSA-2016:0372
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/