Security Advisory Important: openssl security update

Advisory: RHSA-2016:2802-1
Type: Security Advisory
Severity: Important
Issued on: 2016-11-17
Last updated on: 2016-11-17
Affected Products: Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server AUS (v. 6.6)
Red Hat Enterprise Linux Server EUS (v. 6.7.z)
Red Hat Enterprise Linux Server TUS (v. 6.5)
Red Hat Enterprise Linux Server TUS (v. 6.6)
CVEs (cve.mitre.org): CVE-2016-6304

Details

An update for openssl is now available for Red Hat Enterprise Linux 6.2 Advanced
Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat
Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco
Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support,
Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat
Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* A memory leak flaw was found in the way OpenSSL handled TLS status request
extension data during session renegotiation. A remote attacker could cause a TLS
server using OpenSSL to consume an excessive amount of memory and, possibly,
exit unexpectedly after exhausting all available memory, if it enabled OCSP
stapling support. (CVE-2016-6304)

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original
reporter.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must
be restarted, or the system rebooted.

Updated packages

Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
openssl-1.0.0-20.el6_2.9.src.rpm     MD5: 678db7d7dd2c4dcaa0a732a778643d6e
SHA-256: 802262a26e568ca280dd9680652cdb8717396a3e26c91eeaf69582d0e101847d
 
x86_64:
openssl-1.0.0-20.el6_2.9.i686.rpm     MD5: a730658fdb06fc3148fb201f7d4f2218
SHA-256: e2972aee87e81b7c58cafeae4f40a315af5cdd6d7cedb3b988e8869a77a1b22f
openssl-1.0.0-20.el6_2.9.x86_64.rpm     MD5: ecbe7d773f891c73b64272804b80215e
SHA-256: 7a7e8f76a1fa470d700cfac625689800a115c1f7c2b83b23629d3276604514b1
openssl-debuginfo-1.0.0-20.el6_2.9.i686.rpm     MD5: b3f0b2cdbaf0fc81cfe2c099792a88cd
SHA-256: 8eac3fa85e5887749b1d06076e5b40a632df6a5d068aeafd2edaa32574b28478
openssl-debuginfo-1.0.0-20.el6_2.9.x86_64.rpm     MD5: 1e183471a3527699430632a0c210cf91
SHA-256: 445eecf53f78a137a506574603013b08a999b86cf378a7a9655def8536065da2
openssl-devel-1.0.0-20.el6_2.9.i686.rpm     MD5: 26b8d8aa050491a6f14e94be027405f1
SHA-256: c175b3464a418246595a7f3070178377faf95780385026e8fb7f9930d94f8fde
openssl-devel-1.0.0-20.el6_2.9.x86_64.rpm     MD5: 1cb03b2a7f80b584e7d7d338d38e9b69
SHA-256: 9c90af6fcefce7f4d42be5f58ce38ca4a7ca0dbac7c84c6388ad6346a53c47b0
openssl-perl-1.0.0-20.el6_2.9.x86_64.rpm     MD5: d13ab64f99e5ab8a5887e948c8ba2e6b
SHA-256: fe003f156e1dda7a24b034c2bc2f1ccd368609df22bb12d96371087c08ac82ec
openssl-static-1.0.0-20.el6_2.9.x86_64.rpm     MD5: ffad7a0711a15a344b42bc1fc6df66a5
SHA-256: 33a93a2352c9114ab91c118050ee9d76be2a5748570f6f8f20ebb8f6b74c1547
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
openssl-1.0.0-27.el6_4.6.src.rpm     MD5: a31d6a7363a323d6d6cd3b2b86d8e3b7
SHA-256: 544f6cbb9702b2cc940a63bc4f5e4815dedeb6b0bb9fb0b460da8593f719f249
 
x86_64:
openssl-1.0.0-27.el6_4.6.i686.rpm     MD5: 1eed7aacfca90f99fc22a8f0616b7a3e
SHA-256: baba8346a7e35f68bb571cff1e69dadc09665303aebbdb28da03b6ad2db34efb
openssl-1.0.0-27.el6_4.6.x86_64.rpm     MD5: a2dd16a44e38c681138519d99e82abeb
SHA-256: 601031a0711fb2f591ad0cbc22bb236687f1f270296269dfa4100c7e7abe07fd
openssl-debuginfo-1.0.0-27.el6_4.6.i686.rpm     MD5: 52d4b73b26921cecded0b5eb49295b85
SHA-256: 2c66121cb6d5d93d7d407ae4f9101a7d708b93940ea8b9d2ef3049925d2ef41b
openssl-debuginfo-1.0.0-27.el6_4.6.x86_64.rpm     MD5: cf962176014fbcfac9fe611ffc9204d7
SHA-256: 2802864bf25f34cbe8eb9bd442d1b0b8944ae48ad2f2eb1863eb76d2f9826f28
openssl-devel-1.0.0-27.el6_4.6.i686.rpm     MD5: bce39dd7b66222f5aa048aeb55d95038
SHA-256: 9c69da3f1e06676b7e893a47e1aafeda436e6e645713a43b953874cbee686d2f
openssl-devel-1.0.0-27.el6_4.6.x86_64.rpm     MD5: 219df41ce6653efba18c31bf19c6159c
SHA-256: 96040b82037ca1d80f2757a59fa3a2e1189caa11c5dcc3e6eb90964ed6615cb4
openssl-perl-1.0.0-27.el6_4.6.x86_64.rpm     MD5: 2312173a2cd99700dd37af87f28607a1
SHA-256: 8cb1bc37241a68550dcbbbf6f3c5f642f5747941d54cd58420263dc477a99d2b
openssl-static-1.0.0-27.el6_4.6.x86_64.rpm     MD5: debebf325d388f14d7e4e5e5aed51424
SHA-256: c032bdd91bf082810e3e1055ad8e82d7d92fb76cbeea793a6655bc161b7a0b20
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
openssl-1.0.1e-16.el6_5.17.src.rpm     MD5: 5ac58715fa3acc201bfbbf9a815e00f6
SHA-256: 15a580360f7ffa8fe9d0016342e14e02d87d4b0539b53289b2ec64f306507737
 
x86_64:
openssl-1.0.1e-16.el6_5.17.i686.rpm     MD5: da3de0115faed9ec745cc09b0a741345
SHA-256: 9864089c87d87ca41eecc1dcd38eee99717b09f5d6c846d253d9f3a52c6b354a
openssl-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: dd0b349d5565f02b9af39fb17c138806
SHA-256: 340745effdd83effe7eb1984ae8e8d09d227daa53db132e8dae1b8e499e4b0eb
openssl-debuginfo-1.0.1e-16.el6_5.17.i686.rpm     MD5: f11a92be85d4aa1d23028e678898d43b
SHA-256: 60644b64ef5ba9cdb3402f03cc434b5b2ea4d85c5d4d32cd19d2cbd4ca21aafa
openssl-debuginfo-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: de2bb10419348c499ff0955dfc687ffa
SHA-256: 3f66efe726b4eea71cebe2092af5a0773113a8f7e8f91be83b75dc12886c2f12
openssl-devel-1.0.1e-16.el6_5.17.i686.rpm     MD5: 1cacc5dd456079b99d3a875e079bcfc8
SHA-256: 7a7291a9058caad5df7c7dc9fb62612dbc4789281236f3868e7c774b44ba772a
openssl-devel-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: 34739629b756a888943e1c0e493ea4e4
SHA-256: 634c600ada6775c86a5267b582a95a217edb7b84297f5db70203ea4b8dd67eb9
openssl-perl-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: 48e9c87355d20a6de39c9a884b80b62f
SHA-256: abb5d288d401308ab477aa50facc17124233c63d4bb693f95fc5e424e3a0230e
openssl-static-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: 1cabfe4d64643d0a221fed979f209129
SHA-256: f52f764cf6435fff35ec8c17fffb5685b6e57c9cfa8eb2235c11b89dfba8f926
 
Red Hat Enterprise Linux Server AUS (v. 6.6)

SRPMS:
openssl-1.0.1e-30.el6_6.13.src.rpm     MD5: 38dececcfb75ac52da2a72f17bb9661e
SHA-256: d8761c3fe41190614eea8c1b5ae644c4a22eb6e68e60bd1a605b8c3d6d90337f
 
x86_64:
openssl-1.0.1e-30.el6_6.13.i686.rpm     MD5: 8859f2839c16d4230e432a5257459bd6
SHA-256: d0b7efd479b4d8687f11f4918eb56c2f89f23147e842662d8fa7c8e93f04df81
openssl-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: 9150eaceabd0c059edc9f8c1217a17c3
SHA-256: d8762b2951728c697acbf15d75d8765947b40553ccbe627e75b1735aca4fd18a
openssl-debuginfo-1.0.1e-30.el6_6.13.i686.rpm     MD5: a426f6f0b7fd346aa183d5661ea6793a
SHA-256: 16f51845dc05eb7a9c964e42cbfd7a158fe465c92edd335977ef94d56147badb
openssl-debuginfo-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: 521ccd1d7d80eaa5f6a16106fbfe6d7f
SHA-256: 4daddf87dd85e0c6237e623cb6d18bc932646c754e23e1976f0c6713fa76e367
openssl-devel-1.0.1e-30.el6_6.13.i686.rpm     MD5: 06958bfdf9a50af710e43d71d7c48562
SHA-256: 516ed3f5d52e218d11ed28113c8f0bec46cc0ba0328a98a3f0df20c7b77d9cbd
openssl-devel-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: c98a4d9d2f67bd7620799afe5c1b81c6
SHA-256: 0fe271b6e90a2edf720a680bce5a95001c5691331278e35dd2b814663071be0d
openssl-perl-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: 9a21ef88e31dc1295b3a9f83fc009d4f
SHA-256: 07cdde29869342623d2af74affcec8f13b3f829b6d4bdbd330cb14d86ebe50ce
openssl-static-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: f6cbe50b60223456f98f789b8de4acb1
SHA-256: 9d926dba715cdcd676c8917992ab11d4c9d9997aa815fdf8941b90b4652f94dc
 
Red Hat Enterprise Linux Server EUS (v. 6.7.z)

SRPMS:
openssl-1.0.1e-42.el6_7.6.src.rpm     MD5: 07ce97b5305e7659d4162d1c16d82131
SHA-256: 212e2a96caf1698cf7fc0237d7c16074b13d105c791256b94d0dab9698b6bc28
 
IA-32:
openssl-1.0.1e-42.el6_7.6.i686.rpm     MD5: 2d850e7fb5f534d05e1f9bdd521b60e5
SHA-256: f0b4a62fd13063cf99834a2288465d96427d8de97bda125cf5ef797b471f8b0a
openssl-debuginfo-1.0.1e-42.el6_7.6.i686.rpm     MD5: 68eb1904283608de2220307d4fd7e496
SHA-256: e225c8183e6e4d50c727245882610e2a2b1564c28d432cc130ca096198afbb3c
openssl-devel-1.0.1e-42.el6_7.6.i686.rpm     MD5: e17d833d9ad11e8a012b5e9a965d5db5
SHA-256: 0215c8d9d0c317c612f3261872558cd6ff0da13e239c4ff5896f907fcd5064cc
openssl-perl-1.0.1e-42.el6_7.6.i686.rpm     MD5: 36f81f537ca51c70bc6143559ef099c5
SHA-256: 9cf86e465f0558e641fca393fa6a685ab72864c03f34caf807478c904dbafa14
openssl-static-1.0.1e-42.el6_7.6.i686.rpm     MD5: e48d0416cef97c8a46e5210942afd8bc
SHA-256: 43cf82fd605f1091f5a89e021f49e6bdd29bdd63972a3b190faecc7437ce502d
 
PPC:
openssl-1.0.1e-42.el6_7.6.ppc.rpm     MD5: 94bcde30fa845895a9c9034f1d8a9f4f
SHA-256: 493c2374648acf21f4b8cba285425656297e3c527b26d1cf89577a2fa3aae4c6
openssl-1.0.1e-42.el6_7.6.ppc64.rpm     MD5: 818946d8d93e8108008b7ab8a31c1d6b
SHA-256: f501ef06d9b628d13c3b78fada647e490e06f309c6093e72dc4ce5d40af86165
openssl-debuginfo-1.0.1e-42.el6_7.6.ppc.rpm     MD5: 114cfd8655d09ad4b019b1753988ed0a
SHA-256: a8074ad5a140c41a41d7d2b4289418c59694fdd050ee6cc68a554527fefb7439
openssl-debuginfo-1.0.1e-42.el6_7.6.ppc64.rpm     MD5: a93a53db1b4f1d355aff4ae9cd671bf7
SHA-256: 3e54f30f40346f962233ae365e0c339e49324da4f487f6863f4767952c235671
openssl-devel-1.0.1e-42.el6_7.6.ppc.rpm     MD5: b6a8687edf10f458fda128828a986371
SHA-256: 5a3f688e979ea361e5a3cfb4ce36c7f1cd63b86a4d0c7cbbd8d00de1379a104b
openssl-devel-1.0.1e-42.el6_7.6.ppc64.rpm     MD5: ec8c7064b06d0adb5f86b24e973cf45d
SHA-256: 598f464c0891147622ea9b00d8d84d8513ac53a1f1f9a3c99468a68dc73467e4
openssl-perl-1.0.1e-42.el6_7.6.ppc64.rpm     MD5: d39e8b062d3a04404473c8b1b36f7ed8
SHA-256: 5858a178f4e8c35c9e4b7bc8bd4685d60b5dd38b6a8d0f5e8fcb28dc934994e5
openssl-static-1.0.1e-42.el6_7.6.ppc64.rpm     MD5: d262d5ef30f00f5e9189b53eee433c1d
SHA-256: 2480b54187f61f0a4425c73d519fb662d703b9e5b50a13e6377da41de549af30
 
s390x:
openssl-1.0.1e-42.el6_7.6.s390.rpm     MD5: 9a4509252069bf9060a747a42e426d8c
SHA-256: e8e20846787b5edc60ca53b9f97795fda2aaca677eb7d2d98aee3ed287b93d2f
openssl-1.0.1e-42.el6_7.6.s390x.rpm     MD5: f71f70909bb665f51e417e42b61ef877
SHA-256: 9551ff1a71e2900434fc3ce7a47775c9137aa8284d6872cd32a67c1e15774c01
openssl-debuginfo-1.0.1e-42.el6_7.6.s390.rpm     MD5: b97586ad6482539e6df0c8fea77284a5
SHA-256: dfe1226730560b3af6a70cd8f1f9ccb1105dd0cf678f7e8127d549242abc082c
openssl-debuginfo-1.0.1e-42.el6_7.6.s390x.rpm     MD5: 8d502bd0b86e00d4f23c82afe7cafb94
SHA-256: 0eb08bb81f826cadae97ebfcbde564ee56561b2c6c43d504f63335dee9050679
openssl-devel-1.0.1e-42.el6_7.6.s390.rpm     MD5: 4150e836ad7f94894684d9753080a181
SHA-256: 3d98fb0dda48a64bb6757e3331fec7e5bbc65680b503df169f1089f2fd196702
openssl-devel-1.0.1e-42.el6_7.6.s390x.rpm     MD5: 37fecbfb17f31b8adea2d960117671d5
SHA-256: 79065e19ddf490fe0533446af42915e66e1644f41472b4635dbe508dcfbaf4c9
openssl-perl-1.0.1e-42.el6_7.6.s390x.rpm     MD5: aac3bedc311301938bbfbee0267a38bc
SHA-256: 0c8ae68aa72fcbfc174e6ea364a0923c35e61c94b68026828fefcf0f28ef09c3
openssl-static-1.0.1e-42.el6_7.6.s390x.rpm     MD5: 8f6c78cd1bd5ce68bd84b8f74de5dc47
SHA-256: 613730ac20110d721ed8518015bb61e0d5d0e75ca0112bdc8444bc6dca130759
 
x86_64:
openssl-1.0.1e-42.el6_7.6.i686.rpm     MD5: 2d850e7fb5f534d05e1f9bdd521b60e5
SHA-256: f0b4a62fd13063cf99834a2288465d96427d8de97bda125cf5ef797b471f8b0a
openssl-1.0.1e-42.el6_7.6.x86_64.rpm     MD5: 9dfe30dcbf8cbc742fb2f1568a320814
SHA-256: f54cc08bc502563a9a48bdb532d65c7ade3f867a4be2f4ce2cf438764af58292
openssl-debuginfo-1.0.1e-42.el6_7.6.i686.rpm     MD5: 68eb1904283608de2220307d4fd7e496
SHA-256: e225c8183e6e4d50c727245882610e2a2b1564c28d432cc130ca096198afbb3c
openssl-debuginfo-1.0.1e-42.el6_7.6.x86_64.rpm     MD5: de98ab289a3aa1df54815ba4512e8f5e
SHA-256: 28e6292f764b38c42cd9dab8a98a445d46f7bef7de94d85e7d9aa0550eba937a
openssl-devel-1.0.1e-42.el6_7.6.i686.rpm     MD5: e17d833d9ad11e8a012b5e9a965d5db5
SHA-256: 0215c8d9d0c317c612f3261872558cd6ff0da13e239c4ff5896f907fcd5064cc
openssl-devel-1.0.1e-42.el6_7.6.x86_64.rpm     MD5: 83e88397f1da07e20cb92144b5ecb783
SHA-256: 42d008f28ae13d4e1811672ea2a5b77bb87d7bb53f06e296e1d96ba1564d3d15
openssl-perl-1.0.1e-42.el6_7.6.x86_64.rpm     MD5: 146a8a64862a157f6e954dbf1f48a3a8
SHA-256: 70558d1c059dd9001e142c689f6b734328db9ed22a5f8967a05a0ec69e877a22
openssl-static-1.0.1e-42.el6_7.6.x86_64.rpm     MD5: 127c31812e733703993cd9b271cad932
SHA-256: de82b2a347d095e09f3abdc086a241c8e560c817c40dba2725064bf85768fbc4
 
Red Hat Enterprise Linux Server TUS (v. 6.5)

SRPMS:
openssl-1.0.1e-16.el6_5.17.src.rpm     MD5: 5ac58715fa3acc201bfbbf9a815e00f6
SHA-256: 15a580360f7ffa8fe9d0016342e14e02d87d4b0539b53289b2ec64f306507737
 
x86_64:
openssl-1.0.1e-16.el6_5.17.i686.rpm     MD5: da3de0115faed9ec745cc09b0a741345
SHA-256: 9864089c87d87ca41eecc1dcd38eee99717b09f5d6c846d253d9f3a52c6b354a
openssl-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: dd0b349d5565f02b9af39fb17c138806
SHA-256: 340745effdd83effe7eb1984ae8e8d09d227daa53db132e8dae1b8e499e4b0eb
openssl-debuginfo-1.0.1e-16.el6_5.17.i686.rpm     MD5: f11a92be85d4aa1d23028e678898d43b
SHA-256: 60644b64ef5ba9cdb3402f03cc434b5b2ea4d85c5d4d32cd19d2cbd4ca21aafa
openssl-debuginfo-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: de2bb10419348c499ff0955dfc687ffa
SHA-256: 3f66efe726b4eea71cebe2092af5a0773113a8f7e8f91be83b75dc12886c2f12
openssl-devel-1.0.1e-16.el6_5.17.i686.rpm     MD5: 1cacc5dd456079b99d3a875e079bcfc8
SHA-256: 7a7291a9058caad5df7c7dc9fb62612dbc4789281236f3868e7c774b44ba772a
openssl-devel-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: 34739629b756a888943e1c0e493ea4e4
SHA-256: 634c600ada6775c86a5267b582a95a217edb7b84297f5db70203ea4b8dd67eb9
openssl-perl-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: 48e9c87355d20a6de39c9a884b80b62f
SHA-256: abb5d288d401308ab477aa50facc17124233c63d4bb693f95fc5e424e3a0230e
openssl-static-1.0.1e-16.el6_5.17.x86_64.rpm     MD5: 1cabfe4d64643d0a221fed979f209129
SHA-256: f52f764cf6435fff35ec8c17fffb5685b6e57c9cfa8eb2235c11b89dfba8f926
 
Red Hat Enterprise Linux Server TUS (v. 6.6)

SRPMS:
openssl-1.0.1e-30.el6_6.13.src.rpm     MD5: 38dececcfb75ac52da2a72f17bb9661e
SHA-256: d8761c3fe41190614eea8c1b5ae644c4a22eb6e68e60bd1a605b8c3d6d90337f
 
x86_64:
openssl-1.0.1e-30.el6_6.13.i686.rpm     MD5: 8859f2839c16d4230e432a5257459bd6
SHA-256: d0b7efd479b4d8687f11f4918eb56c2f89f23147e842662d8fa7c8e93f04df81
openssl-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: 9150eaceabd0c059edc9f8c1217a17c3
SHA-256: d8762b2951728c697acbf15d75d8765947b40553ccbe627e75b1735aca4fd18a
openssl-debuginfo-1.0.1e-30.el6_6.13.i686.rpm     MD5: a426f6f0b7fd346aa183d5661ea6793a
SHA-256: 16f51845dc05eb7a9c964e42cbfd7a158fe465c92edd335977ef94d56147badb
openssl-debuginfo-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: 521ccd1d7d80eaa5f6a16106fbfe6d7f
SHA-256: 4daddf87dd85e0c6237e623cb6d18bc932646c754e23e1976f0c6713fa76e367
openssl-devel-1.0.1e-30.el6_6.13.i686.rpm     MD5: 06958bfdf9a50af710e43d71d7c48562
SHA-256: 516ed3f5d52e218d11ed28113c8f0bec46cc0ba0328a98a3f0df20c7b77d9cbd
openssl-devel-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: c98a4d9d2f67bd7620799afe5c1b81c6
SHA-256: 0fe271b6e90a2edf720a680bce5a95001c5691331278e35dd2b814663071be0d
openssl-perl-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: 9a21ef88e31dc1295b3a9f83fc009d4f
SHA-256: 07cdde29869342623d2af74affcec8f13b3f829b6d4bdbd330cb14d86ebe50ce
openssl-static-1.0.1e-30.el6_6.13.x86_64.rpm     MD5: f6cbe50b60223456f98f789b8de4acb1
SHA-256: 9d926dba715cdcd676c8917992ab11d4c9d9997aa815fdf8941b90b4652f94dc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/