Security Advisory Important: openssl097a and openssl098e security update

Advisory: RHSA-2014:0626-1
Type: Security Advisory
Severity: Important
Issued on: 2014-06-05
Last updated on: 2014-06-05
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-0224

Details

Updated openssl097a and openssl098e packages that fix one security issue
are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
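The restart requirement above is easy to miss in practice: rpm replaces the library files on disk, but every process that had already loaded the old libssl/libcrypto keeps executing the vulnerable copy until it is restarted. This added example (not part of the Red Hat advisory) uses the "(deleted)" marker the kernel puts in /proc/PID/maps for replaced files to list such processes; the sample maps excerpt and the libssl.so.6/libcrypto.so.6 paths are constructed, and the real-system scan assumes a Linux /proc.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map a
# pre-update OpenSSL library after the RPMs were upgraded. When a mapped
# file is replaced, the kernel appends "(deleted)" to its pathname in
# /proc/PID/maps; such a process is still running the old code.

# Read one /proc/PID/maps listing on stdin and print the OpenSSL library
# paths whose backing file has been replaced. Prints nothing when the
# process uses the currently installed library. Limitation: paths with
# spaces would break awk's field splitting (not an issue for system libs).
stale_openssl_maps() {
    awk '$6 ~ /\/lib(ssl|crypto)[^\/]*\.so/ && $7 == "(deleted)" { print $6 }' | sort -u
}

# Walk every process and report PID, command name and stale library paths.
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale=$(stale_openssl_maps < "$maps" 2>/dev/null) || continue
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "${comm:-?}" "$stale"
    done
}

# Constructed sample maps excerpt (not captured from a real system):
# libcrypto was replaced by the update, libssl is current, and an unrelated
# replaced library (libc) must not be reported.
SAMPLE_MAPS='7f0a1c000000-7f0a1c1d4000 r-xp 00000000 fd:01 131313 /usr/lib64/libcrypto.so.6 (deleted)
7f0a1c3d4000-7f0a1c400000 r--p 001d4000 fd:01 131313 /usr/lib64/libcrypto.so.6 (deleted)
7f0a1c600000-7f0a1c670000 r-xp 00000000 fd:01 131400 /usr/lib64/libssl.so.6
7f0a1c900000-7f0a1ca20000 r-xp 00000000 fd:01 131500 /lib64/libc-2.12.so (deleted)'

if [ "${1:-}" = "--scan" ]; then
    scan_running_processes          # real system: run as root to see all PIDs
else
    printf '%s\n' "$SAMPLE_MAPS" | stale_openssl_maps   # prints /usr/lib64/libcrypto.so.6
fi
```

Run with `--scan` on a host after installing the update; any process listed needs a restart (or the system a reboot) before the fix is actually in effect.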


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages


Bugs fixed (see bugzilla for more information)

1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/