Security Advisory Moderate: openssl security update

Advisory: RHSA-2014:1053-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-08-13
Last updated on: 2014-08-13
Affected Products:
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org):
  CVE-2014-0221
  CVE-2014-3505
  CVE-2014-3506
  CVE-2014-3508
  CVE-2014-3510

Details

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,
CVE-2014-3505, CVE-2014-3506)

A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original
reporter of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
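Two post-update checks an administrator could run on a RHEL 5 host, added here as an example that is not part of this advisory: whether each installed openssl package is at or above 0.9.8e-27.el5_10.4 (the fixed build in the package list), and which processes still map a libssl/libcrypto that the upgrade deleted and so still need the restart the Details section calls for. It assumes rpm and a readable /proc; rpmvercmp below is a simplified re-implementation of rpm's version comparison, not rpm's own code.

```python
import glob
import re
import subprocess

# Fixed version-release taken from the advisory's package list.
FIXED_VR = "0.9.8e-27.el5_10.4"
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")
_STALE = re.compile(r"lib(ssl|crypto)\.so\S*\s+\(deleted\)")

def rpmvercmp(a, b):
    """Simplified re-implementation of rpm's rpmvercmp (assumption: no tilde/caret): -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # rpm treats a numeric segment as newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True when an installed 'VERSION-RELEASE' string is at or above the fixed build."""
    iv, ir = installed_vr.split("-", 1)
    fv, fr = fixed_vr.split("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def stale_openssl_pids(maps_by_pid):
    """Given {pid: contents of /proc/<pid>/maps}, return pids that still map a
    libssl/libcrypto marked '(deleted)': they run the old code until restarted."""
    return sorted(pid for pid, text in maps_by_pid.items() if _STALE.search(text))

def check_live_system():  # needs rpm and a readable /proc (assumption)
    out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", "openssl"],
                         capture_output=True, text=True, check=True).stdout
    for vr in out.split():  # one line per installed arch (i686 + x86_64 on multilib)
        print("openssl-%s: %s" % (vr, "fixed" if is_fixed(vr) else "VULNERABLE"))
    maps = {}
    for path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(path) as f:
                maps[int(path.split("/")[2])] = f.read()
        except OSError:
            continue  # process exited or not readable
    for pid in stale_openssl_pids(maps):
        print("pid %d still maps a deleted libssl/libcrypto; restart it" % pid)

if __name__ == "__main__":
    check_live_system()
```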

Updated packages

File outdated by: RHSA-2015:0800 (applies to every file listed below)

RHEL Desktop Workstation (v. 5 client)

SRPMS:
openssl-0.9.8e-27.el5_10.4.src.rpm

IA-32:
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openssl-0.9.8e-27.el5_10.4.src.rpm

IA-32:
openssl-0.9.8e-27.el5_10.4.i386.rpm
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm

IA-64:
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-0.9.8e-27.el5_10.4.ia64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm
openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm
openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm

PPC:
openssl-0.9.8e-27.el5_10.4.ppc.rpm
openssl-0.9.8e-27.el5_10.4.ppc64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm
openssl-devel-0.9.8e-27.el5_10.4.ppc.rpm
openssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm
openssl-perl-0.9.8e-27.el5_10.4.ppc.rpm

s390x:
openssl-0.9.8e-27.el5_10.4.s390.rpm
openssl-0.9.8e-27.el5_10.4.s390x.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm
openssl-devel-0.9.8e-27.el5_10.4.s390.rpm
openssl-devel-0.9.8e-27.el5_10.4.s390x.rpm
openssl-perl-0.9.8e-27.el5_10.4.s390x.rpm

x86_64:
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openssl-0.9.8e-27.el5_10.4.src.rpm

IA-32:
openssl-0.9.8e-27.el5_10.4.i386.rpm
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm

x86_64:
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions
1127499 - CVE-2014-3505 openssl: DTLS packet processing double free
1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion
1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/