
Security Advisory Moderate: openssl security update

Advisory: RHSA-2012:0086-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-02-01
Last updated on: 2012-02-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-4576
CVE-2011-4619

Details

Updated openssl packages that fix two security issues are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)
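
A simplified model of the CVE-2011-4576 padding flaw described above, added here as an illustration; it is not OpenSSL's or Red Hat's code. The 16-byte block size, the reused 64-byte record buffer, the constructed sample plaintexts and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16  /* CBC block size assumed for this model */

/* Constructed sample plaintexts; the first one stands in for sensitive data. */
static const char FIRST[]  = "token=CONSTRUCTED-SECRET-VALUE-0001";
static const char SECOND[] = "GET /";

/* Pad buf[0..len) to a block boundary the way SSL 3.0 allows: only the
 * final byte (the padding length) is defined by the protocol, so the
 * sender may put anything in the bytes before it.
 * zero_fill == 0 models the flaw, zero_fill == 1 models the fix. */
static size_t ssl3_pad(unsigned char *buf, size_t len, int zero_fill)
{
    size_t pad = BLOCK - (len % BLOCK);      /* 1..BLOCK, incl. length byte */
    if (zero_fill)
        memset(buf + len, 0, pad);           /* initialise the padding */
    buf[len + pad - 1] = (unsigned char)(pad - 1);
    return len + pad;
}

/* Send FIRST, then SECOND, from one reused record buffer. Returns how many
 * padding bytes of the second record still hold bytes of the first. */
size_t stale_bytes_in_padding(int zero_fill)
{
    unsigned char buf[64] = {0};
    size_t len2 = sizeof SECOND - 1, total, i, stale = 0;

    memcpy(buf, FIRST, sizeof FIRST - 1);
    ssl3_pad(buf, sizeof FIRST - 1, zero_fill);

    memcpy(buf, SECOND, len2);               /* shorter record, same buffer */
    total = ssl3_pad(buf, len2, zero_fill);

    for (i = len2; i + 1 < total; i++)       /* skip the length byte */
        if (buf[i] != 0 && buf[i] == (unsigned char)FIRST[i])
            stale++;
    return stale;
}

int main(void)
{
    printf("uninitialised padding: %zu stale bytes sent\n", stale_bytes_in_padding(0));
    printf("zero-filled padding:   %zu stale bytes sent\n", stale_bytes_in_padding(1));
    return 0;
}
```

The padding is encrypted with the rest of the record, so in this model the stale bytes reach only the peer that decrypts it, and at most one block minus one byte per record.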

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
openssl-0.9.7a-43.18.el4.src.rpm

IA-32:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
openssl-0.9.7a-43.18.el4.src.rpm

IA-32:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

IA-64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.ia64.rpm
openssl-devel-0.9.7a-43.18.el4.ia64.rpm
openssl-perl-0.9.7a-43.18.el4.ia64.rpm

PPC:
openssl-0.9.7a-43.18.el4.ppc.rpm
openssl-0.9.7a-43.18.el4.ppc64.rpm
openssl-devel-0.9.7a-43.18.el4.ppc.rpm
openssl-devel-0.9.7a-43.18.el4.ppc64.rpm
openssl-perl-0.9.7a-43.18.el4.ppc.rpm

s390:
openssl-0.9.7a-43.18.el4.s390.rpm
openssl-devel-0.9.7a-43.18.el4.s390.rpm
openssl-perl-0.9.7a-43.18.el4.s390.rpm

s390x:
openssl-0.9.7a-43.18.el4.s390.rpm
openssl-0.9.7a-43.18.el4.s390x.rpm
openssl-devel-0.9.7a-43.18.el4.s390.rpm
openssl-devel-0.9.7a-43.18.el4.s390x.rpm
openssl-perl-0.9.7a-43.18.el4.s390x.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
openssl-0.9.7a-43.18.el4.src.rpm

IA-32:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

IA-64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.ia64.rpm
openssl-devel-0.9.7a-43.18.el4.ia64.rpm
openssl-perl-0.9.7a-43.18.el4.ia64.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
openssl-0.9.7a-43.18.el4.src.rpm

IA-32:
openssl-0.9.7a-43.18.el4.i386.rpm
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-perl-0.9.7a-43.18.el4.i386.rpm

IA-64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.ia64.rpm
openssl-devel-0.9.7a-43.18.el4.ia64.rpm
openssl-perl-0.9.7a-43.18.el4.ia64.rpm

x86_64:
openssl-0.9.7a-43.18.el4.i686.rpm
openssl-0.9.7a-43.18.el4.x86_64.rpm
openssl-devel-0.9.7a-43.18.el4.i386.rpm
openssl-devel-0.9.7a-43.18.el4.x86_64.rpm
openssl-perl-0.9.7a-43.18.el4.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding
771780 - CVE-2011-4619 openssl: SGC restart DoS attack


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/