Important: openssl security update
| Advisory: | RHSA-2014:0625-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Important |
| Issued on: | 2014-06-05 |
| Last updated on: | 2014-06-05 |
| Affected Products: | Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server AUS (v. 6.5) Red Hat Enterprise Linux Server EUS (v. 6.5.z) Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): |
CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 |
Details
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Updated packages
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| openssl-1.0.1e-16.el6_5.14.src.rpm | MD5: 162e9502a19e07c0bdf7b38afd7d172f SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40 |
| IA-32: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-perl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 7151a2e480ee2624074cdb7c741b98e4 SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18 |
| openssl-static-1.0.1e-16.el6_5.14.i686.rpm | MD5: 79495e8fbeb86ee1bd49226c68f1777c SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00 |
| x86_64: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ad2972e24df86beb4fedad15024d2aea SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 0934b6c2d1eac77533f68db06b613e3c SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: f6f157a51527e6dbe330d5d18c0e59f2 SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef |
| openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ccb46e0840139e77e2b41cc6b5c556f6 SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041 |
| openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 29a3460b0dfb74dd18c1a8724dec75ad SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e |
| Red Hat Enterprise Linux HPC Node (v. 6) | |
| SRPMS: | |
| openssl-1.0.1e-16.el6_5.14.src.rpm | MD5: 162e9502a19e07c0bdf7b38afd7d172f SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40 |
| x86_64: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ad2972e24df86beb4fedad15024d2aea SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 0934b6c2d1eac77533f68db06b613e3c SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: f6f157a51527e6dbe330d5d18c0e59f2 SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef |
| openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ccb46e0840139e77e2b41cc6b5c556f6 SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041 |
| openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 29a3460b0dfb74dd18c1a8724dec75ad SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| openssl-1.0.1e-16.el6_5.14.src.rpm | MD5: 162e9502a19e07c0bdf7b38afd7d172f SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40 |
| IA-32: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-perl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 7151a2e480ee2624074cdb7c741b98e4 SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18 |
| openssl-static-1.0.1e-16.el6_5.14.i686.rpm | MD5: 79495e8fbeb86ee1bd49226c68f1777c SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00 |
| PPC: | |
| openssl-1.0.1e-16.el6_5.14.ppc.rpm | MD5: 050807fd08d3ab7308bf6a91f8cf87a8 SHA-256: 3bdc036bbac5a9eec57314ed942f49782bf71be02a9c6031d02826fdeab3eb04 |
| openssl-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: a9611c6c2071e8614f86b2be523ccdac SHA-256: e8b577eccaa28e6c31c4f43ec2b281bd36e669526c28dd8edd9d8bbd7aa6d455 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm | MD5: dd8f5f0e47fe993ac8f2c17528b32c27 SHA-256: d386ed56c150d1fb4564dbf6ab0a1a4673c765b10d63972a8629f3287d189421 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: 56ee426ead6fc7b9e0cdb69b385d3c7c SHA-256: eeae5f00378192bfc8d533864665eeb93a0f9c94405e7a73b53f4abb7bd3817a |
| openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm | MD5: 3201f8d1b0d77127c78e2db581fbeceb SHA-256: af6ff5ece0d6f08317f0c5a8e390c47238608a5d49a9beec83275ef4b148fd8f |
| openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: f4eace36080b7aa37260115107f5e657 SHA-256: f1bf095c0268e6f2021e7a1ef7c6fcc99041e2ea11da3c47ff19eebd4ef055cd |
| openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: 229e85cab03a45586c750474834ada89 SHA-256: 923a642d3131e2615443626dd6c304935f3753b637e7103977da2f50c7ca0085 |
| openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: 4170793c358292641478f4b11360e7c7 SHA-256: 4aafc99b0f38a2494fbf80dc1f65a7b0e5bbe0810d7767cbfea49057a2ba3392 |
| s390x: | |
| openssl-1.0.1e-16.el6_5.14.s390.rpm | MD5: 46b4f28f28822ce29012351a8e6e9138 SHA-256: 9fe5cdb7c18e123a07d383bd3c5e22271ce6993d98be3ef87bafb0e1d9c96042 |
| openssl-1.0.1e-16.el6_5.14.s390x.rpm | MD5: c9c7a2a35561776463168fb202ea0d68 SHA-256: 8d3621205762eb9e00047724e446ace96236fd4a5fb4d1ea16b867d63b3f74d6 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm | MD5: 442ce17d08e3df903f16c3f55519b4e0 SHA-256: 9756e7dfb21e0709e2a469aea56714ed38f8ba19bec1b0046815244b854e0b19 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 3c0463244711a093cb3eb779dd746563 SHA-256: bb7b484e6b14e9c4b60f6968b7f0d79704be4928a32f038c0dfeb4ccaf255c1e |
| openssl-devel-1.0.1e-16.el6_5.14.s390.rpm | MD5: 5edb2b7d8845b299954bebdb74b16afd SHA-256: 8fc075fbee182bdbf74d03f80001ea19ab3e0295863647337c97b92f0030b78e |
| openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 0e74aeec9d394ae162b57157c08ff307 SHA-256: d4f571e63f95826cbc42c950ad7659c2d11b061fff1cea039cbe748b66356753 |
| openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 8e33cd472402159c59ddc86c575f452b SHA-256: 2e3def534a6d1d592957205cd59504e67f59e1e68aacf7eb277b1ca7b41144e1 |
| openssl-static-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 01329523d0c0fea7b67562809aba7c97 SHA-256: 21fc656966d280a00e92e1803a79d8b9d5653145df913fe4b6dc218fee655a9e |
| x86_64: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ad2972e24df86beb4fedad15024d2aea SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 0934b6c2d1eac77533f68db06b613e3c SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: f6f157a51527e6dbe330d5d18c0e59f2 SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef |
| openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ccb46e0840139e77e2b41cc6b5c556f6 SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041 |
| openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 29a3460b0dfb74dd18c1a8724dec75ad SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e |
| Red Hat Enterprise Linux Server AUS (v. 6.5) | |
| SRPMS: | |
| openssl-1.0.1e-16.el6_5.14.src.rpm | MD5: 162e9502a19e07c0bdf7b38afd7d172f SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40 |
| x86_64: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ad2972e24df86beb4fedad15024d2aea SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 0934b6c2d1eac77533f68db06b613e3c SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: f6f157a51527e6dbe330d5d18c0e59f2 SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef |
| openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ccb46e0840139e77e2b41cc6b5c556f6 SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041 |
| openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 29a3460b0dfb74dd18c1a8724dec75ad SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e |
| Red Hat Enterprise Linux Server EUS (v. 6.5.z) | |
| SRPMS: | |
| openssl-1.0.1e-16.el6_5.14.src.rpm | MD5: 162e9502a19e07c0bdf7b38afd7d172f SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40 |
| IA-32: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-perl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 7151a2e480ee2624074cdb7c741b98e4 SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18 |
| openssl-static-1.0.1e-16.el6_5.14.i686.rpm | MD5: 79495e8fbeb86ee1bd49226c68f1777c SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00 |
| PPC: | |
| openssl-1.0.1e-16.el6_5.14.ppc.rpm | MD5: 050807fd08d3ab7308bf6a91f8cf87a8 SHA-256: 3bdc036bbac5a9eec57314ed942f49782bf71be02a9c6031d02826fdeab3eb04 |
| openssl-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: a9611c6c2071e8614f86b2be523ccdac SHA-256: e8b577eccaa28e6c31c4f43ec2b281bd36e669526c28dd8edd9d8bbd7aa6d455 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm | MD5: dd8f5f0e47fe993ac8f2c17528b32c27 SHA-256: d386ed56c150d1fb4564dbf6ab0a1a4673c765b10d63972a8629f3287d189421 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: 56ee426ead6fc7b9e0cdb69b385d3c7c SHA-256: eeae5f00378192bfc8d533864665eeb93a0f9c94405e7a73b53f4abb7bd3817a |
| openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm | MD5: 3201f8d1b0d77127c78e2db581fbeceb SHA-256: af6ff5ece0d6f08317f0c5a8e390c47238608a5d49a9beec83275ef4b148fd8f |
| openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: f4eace36080b7aa37260115107f5e657 SHA-256: f1bf095c0268e6f2021e7a1ef7c6fcc99041e2ea11da3c47ff19eebd4ef055cd |
| openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: 229e85cab03a45586c750474834ada89 SHA-256: 923a642d3131e2615443626dd6c304935f3753b637e7103977da2f50c7ca0085 |
| openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm | MD5: 4170793c358292641478f4b11360e7c7 SHA-256: 4aafc99b0f38a2494fbf80dc1f65a7b0e5bbe0810d7767cbfea49057a2ba3392 |
| s390x: | |
| openssl-1.0.1e-16.el6_5.14.s390.rpm | MD5: 46b4f28f28822ce29012351a8e6e9138 SHA-256: 9fe5cdb7c18e123a07d383bd3c5e22271ce6993d98be3ef87bafb0e1d9c96042 |
| openssl-1.0.1e-16.el6_5.14.s390x.rpm | MD5: c9c7a2a35561776463168fb202ea0d68 SHA-256: 8d3621205762eb9e00047724e446ace96236fd4a5fb4d1ea16b867d63b3f74d6 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm | MD5: 442ce17d08e3df903f16c3f55519b4e0 SHA-256: 9756e7dfb21e0709e2a469aea56714ed38f8ba19bec1b0046815244b854e0b19 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 3c0463244711a093cb3eb779dd746563 SHA-256: bb7b484e6b14e9c4b60f6968b7f0d79704be4928a32f038c0dfeb4ccaf255c1e |
| openssl-devel-1.0.1e-16.el6_5.14.s390.rpm | MD5: 5edb2b7d8845b299954bebdb74b16afd SHA-256: 8fc075fbee182bdbf74d03f80001ea19ab3e0295863647337c97b92f0030b78e |
| openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 0e74aeec9d394ae162b57157c08ff307 SHA-256: d4f571e63f95826cbc42c950ad7659c2d11b061fff1cea039cbe748b66356753 |
| openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 8e33cd472402159c59ddc86c575f452b SHA-256: 2e3def534a6d1d592957205cd59504e67f59e1e68aacf7eb277b1ca7b41144e1 |
| openssl-static-1.0.1e-16.el6_5.14.s390x.rpm | MD5: 01329523d0c0fea7b67562809aba7c97 SHA-256: 21fc656966d280a00e92e1803a79d8b9d5653145df913fe4b6dc218fee655a9e |
| x86_64: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ad2972e24df86beb4fedad15024d2aea SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 0934b6c2d1eac77533f68db06b613e3c SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: f6f157a51527e6dbe330d5d18c0e59f2 SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef |
| openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ccb46e0840139e77e2b41cc6b5c556f6 SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041 |
| openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 29a3460b0dfb74dd18c1a8724dec75ad SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| openssl-1.0.1e-16.el6_5.14.src.rpm | MD5: 162e9502a19e07c0bdf7b38afd7d172f SHA-256: ab68fd1c76bf8c255702fac80d6e704cb9bc00e0dbf5156ecc6925a457621d40 |
| IA-32: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-perl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 7151a2e480ee2624074cdb7c741b98e4 SHA-256: f247fb6a5fe1a0f53bff3d3f1d36a397ddcafab3d29aeff6027f4e8814fd9c18 |
| openssl-static-1.0.1e-16.el6_5.14.i686.rpm | MD5: 79495e8fbeb86ee1bd49226c68f1777c SHA-256: a8ff5121d39822cfeda6ee4af7719f28ec3ea6357c052bdb2ec55d4c2c7ebd00 |
| x86_64: | |
| openssl-1.0.1e-16.el6_5.14.i686.rpm | MD5: 44859a9c8d10af3850c42dd2a4822eea SHA-256: 4b50797eb0921b176f3788b042473441e6469b21d9b647394f7db7624661c731 |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ad2972e24df86beb4fedad15024d2aea SHA-256: 4ea27a628dc8a23c4f5e15c28e76a9949f44e568a47475e78cad871492bc4a03 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm | MD5: 909cb0303ae5615f4216e13ebf0b2016 SHA-256: b1666b1ba41c13672316eb93c2c0f2727c114a8631341d976cc8c0ba07839e56 |
| openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 0934b6c2d1eac77533f68db06b613e3c SHA-256: 6e12023bb8869c32d288a5f9d87846b82124777481762044b36c79c2cdaee40d |
| openssl-devel-1.0.1e-16.el6_5.14.i686.rpm | MD5: da8eff381c902443ddfa8d7a52a2ceb5 SHA-256: 90f27cc7ed3451782a3521a8c1c38ed9d983c2e2a31de716a07b6d95f1fde3b8 |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: f6f157a51527e6dbe330d5d18c0e59f2 SHA-256: e87ce459cf7c2b3687fd702bc9a8beba8218b4ec33cfe9de33d8e8888828dcef |
| openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: ccb46e0840139e77e2b41cc6b5c556f6 SHA-256: 1fbd2f2ba169cf924976b7529ddabbb676f1714689e36f06ccd47c0c380ba041 |
| openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm | MD5: 29a3460b0dfb74dd18c1a8724dec75ad SHA-256: 1b55e916753f4e976ad4e6a26d19c3f0e9dbc9b19229a2014f3fa8b52142553e |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free
1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
References
https://www.redhat.com/security/data/cve/CVE-2010-5298.html
https://www.redhat.com/security/data/cve/CVE-2014-0195.html
https://www.redhat.com/security/data/cve/CVE-2014-0198.html
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://www.redhat.com/security/data/cve/CVE-2014-3470.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
https://www.redhat.com/security/data/cve/CVE-2014-0195.html
https://www.redhat.com/security/data/cve/CVE-2014-0198.html
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://www.redhat.com/security/data/cve/CVE-2014-3470.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/