Security Advisory: Updated openssl packages available

Advisory: RHSA-2001:051-18
Type: Security Advisory
Severity: N/A
Issued on: 2001-04-17
Last updated on: 2001-07-18
Affected Products: Red Hat Linux 6.2, Red Hat Linux 7.0, Red Hat Linux 7.1


Updated openssl packages are now available for Red Hat Linux 6.x and 7.
These packages include security-related changes made in OpenSSL 0.9.6a and
0.9.6b which have been backported to previous versions released for Red Hat

In addition, this advisory provides OpenSSL 0.9.6 packages for Red Hat
Linux 7, which may be used by future updates to both Red Hat Linux 7 and
Red Hat Linux 7.1.

Versions of OpenSSL prior to 0.9.6a suffer from potential security
problems. These include potential leakage of information after SSL
version 3 key exchanges, imperfect distribution of random numbers used
when generating signatures, honoring of sensitive environment variables
in library functions in setuid or setgid applications, and not taking
precautions to counter effects of potential hardware glitches when
generating digital signatures.

A flaw has also been found in the pseudo-random number generator used
in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has
released a patch which corrects this problem.


Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For all RPMs downloaded for your particular architecture, run:

rpm -Uvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs. Because of dependencies, the packages must be
installed as a group.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:


This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages




These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at
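
An added example, not part of the original advisory or of Red Hat's tooling: a shell gate for the install step above that lets the group upgrade proceed only when every package reports a verified signature under rpm -K (rpm --checksig), and rejects packages that pass the digest check but carry no signature. The output formats it parses ("md5 gpg OK" on older rpm releases, "digests signatures OK" on newer ones) are assumptions about rpm's output, and the file names and sample lines are constructed.

```shell
#!/bin/sh
# sig_status LINE: classify one line of `rpm -K` output.
# Echoes "signed-ok", "unsigned" or "failed".
sig_status() {
    result=${1#*: }               # drop the "<file>: " prefix
    case "$result" in
        *"NOT OK"*) echo failed; return ;;
        *OK) ;;                   # verdict must end in OK
        *) echo failed; return ;;
    esac
    # A lowercase gpg/pgp/signatures token means a signature was checked.
    # "md5 OK" or "digests OK" alone means intact but unsigned.
    case " $result " in
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
        *) echo unsigned ;;
    esac
}

# check_group: read `rpm -K` lines on stdin; succeed only if at least one
# package was seen and every package is signed-ok. Offenders go to stderr.
check_group() {
    bad=0 seen=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        seen=1
        status=$(sig_status "$line")
        if [ "$status" != signed-ok ]; then
            echo "$status: $line" >&2
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Intended use in a directory holding only the downloaded errata RPMs:
#   rpm -K *.rpm | check_group && rpm -Uvh *.rpm

# Constructed sample output (not from a real run); names are placeholders.
SAMPLE='example-a.rpm: md5 gpg OK
example-b.rpm: md5 OK
example-c.rpm: digests SIGNATURES NOT OK'
if printf '%s\n' "$SAMPLE" | check_group; then
    echo "all packages signed and verified"
else
    echo "do not install this group"
fi
```

The check is only meaningful once the Red Hat public key has been imported; without it, signed packages are reported as NOT OK and the gate refuses the group.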