Security Advisory Important: openssl security update

Advisory: RHSA-2014:0625-1
Type: Security Advisory
Severity: Important
Issued on: 2014-06-05
Last updated on: 2014-06-05
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-5298
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470

Details

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openssl-1.0.1e-16.el6_5.14.src.rpm
File outdated by:  RHSA-2015:1115
    MD5: 162e9502a19e07c0bdf7b38afd7d172f
SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40
 
IA-32:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 7151a2e480ee2624074cdb7c741b98e4
SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 79495e8fbeb86ee1bd49226c68f1777c
SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00
 
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ad2972e24df86beb4fedad15024d2aea
SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 0934b6c2d1eac77533f68db06b613e3c
SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: f6f157a51527e6dbe330d5d18c0e59f2
SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ccb46e0840139e77e2b41cc6b5c556f6
SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 29a3460b0dfb74dd18c1a8724dec75ad
SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
openssl-1.0.1e-16.el6_5.14.src.rpm
File outdated by:  RHSA-2015:1115
    MD5: 162e9502a19e07c0bdf7b38afd7d172f
SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40
 
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ad2972e24df86beb4fedad15024d2aea
SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 0934b6c2d1eac77533f68db06b613e3c
SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: f6f157a51527e6dbe330d5d18c0e59f2
SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ccb46e0840139e77e2b41cc6b5c556f6
SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 29a3460b0dfb74dd18c1a8724dec75ad
SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openssl-1.0.1e-16.el6_5.14.src.rpm
File outdated by:  RHSA-2015:1115
    MD5: 162e9502a19e07c0bdf7b38afd7d172f
SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40
 
IA-32:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 7151a2e480ee2624074cdb7c741b98e4
SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 79495e8fbeb86ee1bd49226c68f1777c
SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00
 
PPC:
openssl-1.0.1e-16.el6_5.14.ppc.rpm
File outdated by:  RHSA-2015:1115
    MD5: 050807fd08d3ab7308bf6a91f8cf87a8
SHA-256: 3bdc036bbac5a9eec57314ed942f49782bf71be02a9c6031d02826fdeab3eb04
openssl-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2015:1115
    MD5: a9611c6c2071e8614f86b2be523ccdac
SHA-256: e8b577eccaa28e6c31c4f43ec2b281bd36e669526c28dd8edd9d8bbd7aa6d455
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm
File outdated by:  RHSA-2015:1115
    MD5: dd8f5f0e47fe993ac8f2c17528b32c27
SHA-256: d386ed56c150d1fb4564dbf6ab0a1a4673c765b10d63972a8629f3287d189421
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 56ee426ead6fc7b9e0cdb69b385d3c7c
SHA-256: eeae5f00378192bfc8d533864665eeb93a0f9c94405e7a73b53f4abb7bd3817a
openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm
File outdated by:  RHSA-2015:1115
    MD5: 3201f8d1b0d77127c78e2db581fbeceb
SHA-256: af6ff5ece0d6f08317f0c5a8e390c47238608a5d49a9beec83275ef4b148fd8f
openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2015:1115
    MD5: f4eace36080b7aa37260115107f5e657
SHA-256: f1bf095c0268e6f2021e7a1ef7c6fcc99041e2ea11da3c47ff19eebd4ef055cd
openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 229e85cab03a45586c750474834ada89
SHA-256: 923a642d3131e2615443626dd6c304935f3753b637e7103977da2f50c7ca0085
openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 4170793c358292641478f4b11360e7c7
SHA-256: 4aafc99b0f38a2494fbf80dc1f65a7b0e5bbe0810d7767cbfea49057a2ba3392
 
s390x:
openssl-1.0.1e-16.el6_5.14.s390.rpm
File outdated by:  RHSA-2015:1115
    MD5: 46b4f28f28822ce29012351a8e6e9138
SHA-256: 9fe5cdb7c18e123a07d383bd3c5e22271ce6993d98be3ef87bafb0e1d9c96042
openssl-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2015:1115
    MD5: c9c7a2a35561776463168fb202ea0d68
SHA-256: 8d3621205762eb9e00047724e446ace96236fd4a5fb4d1ea16b867d63b3f74d6
openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm
File outdated by:  RHSA-2015:1115
    MD5: 442ce17d08e3df903f16c3f55519b4e0
SHA-256: 9756e7dfb21e0709e2a469aea56714ed38f8ba19bec1b0046815244b854e0b19
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2015:1115
    MD5: 3c0463244711a093cb3eb779dd746563
SHA-256: bb7b484e6b14e9c4b60f6968b7f0d79704be4928a32f038c0dfeb4ccaf255c1e
openssl-devel-1.0.1e-16.el6_5.14.s390.rpm
File outdated by:  RHSA-2015:1115
    MD5: 5edb2b7d8845b299954bebdb74b16afd
SHA-256: 8fc075fbee182bdbf74d03f80001ea19ab3e0295863647337c97b92f0030b78e
openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2015:1115
    MD5: 0e74aeec9d394ae162b57157c08ff307
SHA-256: d4f571e63f95826cbc42c950ad7659c2d11b061fff1cea039cbe748b66356753
openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2015:1115
    MD5: 8e33cd472402159c59ddc86c575f452b
SHA-256: 2e3def534a6d1d592957205cd59504e67f59e1e68aacf7eb277b1ca7b41144e1
openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2015:1115
    MD5: 01329523d0c0fea7b67562809aba7c97
SHA-256: 21fc656966d280a00e92e1803a79d8b9d5653145df913fe4b6dc218fee655a9e
 
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ad2972e24df86beb4fedad15024d2aea
SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 0934b6c2d1eac77533f68db06b613e3c
SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: f6f157a51527e6dbe330d5d18c0e59f2
SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ccb46e0840139e77e2b41cc6b5c556f6
SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 29a3460b0dfb74dd18c1a8724dec75ad
SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
openssl-1.0.1e-16.el6_5.14.src.rpm
File outdated by:  RHSA-2015:1115
    MD5: 162e9502a19e07c0bdf7b38afd7d172f
SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40
 
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: ad2972e24df86beb4fedad15024d2aea
SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 0934b6c2d1eac77533f68db06b613e3c
SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: f6f157a51527e6dbe330d5d18c0e59f2
SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: ccb46e0840139e77e2b41cc6b5c556f6
SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 29a3460b0dfb74dd18c1a8724dec75ad
SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
openssl-1.0.1e-16.el6_5.14.src.rpm
File outdated by:  RHSA-2015:1115
    MD5: 162e9502a19e07c0bdf7b38afd7d172f
SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40
 
IA-32:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 7151a2e480ee2624074cdb7c741b98e4
SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 79495e8fbeb86ee1bd49226c68f1777c
SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00
 
PPC:
openssl-1.0.1e-16.el6_5.14.ppc.rpm
File outdated by:  RHSA-2014:1052
    MD5: 050807fd08d3ab7308bf6a91f8cf87a8
SHA-256: 3bdc036bbac5a9eec57314ed942f49782bf71be02a9c6031d02826fdeab3eb04
openssl-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2014:1052
    MD5: a9611c6c2071e8614f86b2be523ccdac
SHA-256: e8b577eccaa28e6c31c4f43ec2b281bd36e669526c28dd8edd9d8bbd7aa6d455
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm
File outdated by:  RHSA-2014:1052
    MD5: dd8f5f0e47fe993ac8f2c17528b32c27
SHA-256: d386ed56c150d1fb4564dbf6ab0a1a4673c765b10d63972a8629f3287d189421
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 56ee426ead6fc7b9e0cdb69b385d3c7c
SHA-256: eeae5f00378192bfc8d533864665eeb93a0f9c94405e7a73b53f4abb7bd3817a
openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm
File outdated by:  RHSA-2014:1052
    MD5: 3201f8d1b0d77127c78e2db581fbeceb
SHA-256: af6ff5ece0d6f08317f0c5a8e390c47238608a5d49a9beec83275ef4b148fd8f
openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2014:1052
    MD5: f4eace36080b7aa37260115107f5e657
SHA-256: f1bf095c0268e6f2021e7a1ef7c6fcc99041e2ea11da3c47ff19eebd4ef055cd
openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 229e85cab03a45586c750474834ada89
SHA-256: 923a642d3131e2615443626dd6c304935f3753b637e7103977da2f50c7ca0085
openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 4170793c358292641478f4b11360e7c7
SHA-256: 4aafc99b0f38a2494fbf80dc1f65a7b0e5bbe0810d7767cbfea49057a2ba3392
 
s390x:
openssl-1.0.1e-16.el6_5.14.s390.rpm
File outdated by:  RHSA-2014:1052
    MD5: 46b4f28f28822ce29012351a8e6e9138
SHA-256: 9fe5cdb7c18e123a07d383bd3c5e22271ce6993d98be3ef87bafb0e1d9c96042
openssl-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2014:1052
    MD5: c9c7a2a35561776463168fb202ea0d68
SHA-256: 8d3621205762eb9e00047724e446ace96236fd4a5fb4d1ea16b867d63b3f74d6
openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm
File outdated by:  RHSA-2014:1052
    MD5: 442ce17d08e3df903f16c3f55519b4e0
SHA-256: 9756e7dfb21e0709e2a469aea56714ed38f8ba19bec1b0046815244b854e0b19
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2014:1052
    MD5: 3c0463244711a093cb3eb779dd746563
SHA-256: bb7b484e6b14e9c4b60f6968b7f0d79704be4928a32f038c0dfeb4ccaf255c1e
openssl-devel-1.0.1e-16.el6_5.14.s390.rpm
File outdated by:  RHSA-2014:1052
    MD5: 5edb2b7d8845b299954bebdb74b16afd
SHA-256: 8fc075fbee182bdbf74d03f80001ea19ab3e0295863647337c97b92f0030b78e
openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2014:1052
    MD5: 0e74aeec9d394ae162b57157c08ff307
SHA-256: d4f571e63f95826cbc42c950ad7659c2d11b061fff1cea039cbe748b66356753
openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2014:1052
    MD5: 8e33cd472402159c59ddc86c575f452b
SHA-256: 2e3def534a6d1d592957205cd59504e67f59e1e68aacf7eb277b1ca7b41144e1
openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
File outdated by:  RHSA-2014:1052
    MD5: 01329523d0c0fea7b67562809aba7c97
SHA-256: 21fc656966d280a00e92e1803a79d8b9d5653145df913fe4b6dc218fee655a9e
 
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: ad2972e24df86beb4fedad15024d2aea
SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 0934b6c2d1eac77533f68db06b613e3c
SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2014:1052
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: f6f157a51527e6dbe330d5d18c0e59f2
SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: ccb46e0840139e77e2b41cc6b5c556f6
SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2014:1052
    MD5: 29a3460b0dfb74dd18c1a8724dec75ad
SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openssl-1.0.1e-16.el6_5.14.src.rpm
File outdated by:  RHSA-2015:1115
    MD5: 162e9502a19e07c0bdf7b38afd7d172f
SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40
 
IA-32:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 7151a2e480ee2624074cdb7c741b98e4
SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 79495e8fbeb86ee1bd49226c68f1777c
SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00
 
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 44859a9c8d10af3850c42dd2a4822eea
SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ad2972e24df86beb4fedad15024d2aea
SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: 909cb0303ae5615f4216e13ebf0b2016
SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 0934b6c2d1eac77533f68db06b613e3c
SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
File outdated by:  RHSA-2015:1115
    MD5: da8eff381c902443ddfa8d7a52a2ceb5
SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: f6f157a51527e6dbe330d5d18c0e59f2
SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: ccb46e0840139e77e2b41cc6b5c556f6
SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
File outdated by:  RHSA-2015:1115
    MD5: 29a3460b0dfb74dd18c1a8724dec75ad
SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free
1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/