- Issued:
- 2009-01-20
- Updated:
- 2009-01-20
RHBA-2009:0181 - Bug Fix Advisory
Synopsis
openssl bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated openssl packages that fix various bugs are now available.
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength
general purpose cryptography library.
These updated packages fix the following bugs:
- by default, zlib compression is used for SSL and TLS connections. On
IBM System z architectures with Central Processor Assist for Cryptographic
Function (CPACF), compression became the main part of the CPU load, and
total performance was determined by the speed of the compression, not the
speed of the encryption. When compression is disabled, the total
performance is much higher. In these updated packages, zlib compression for
SSL and TLS connections can be disabled with the "OPENSSL_NO_DEFAULT_ZLIB"
environment variable. For TLS connections over a slow network, it is better
to leave compression on, so that the amount of data to be transferred is
lower.
- when using the "openssl" command with the "s_client" and "s_server"
options, the default CA certificates file,
"/etc/pki/tls/certs/ca-bundle.crt", was not read. This resulted in
certificates failing verification. In order for certificates to pass
verification, the "-CAfile /etc/pki/tls/certs/ca-bundle.crt" option had to
be used. In these updated packages, the default CA certificates file is
read, and no longer needs to be specified with the "-CAfile" option.
Also, these updated packages upgrade OpenSSL to a later upstream version,
which is currently undergoing the FIPS-140-2 (Federal Information
Processing Standards) validation process.
Users of openssl are advised to upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 450987 - should /etc/pki/tls/certs/ca-bundle.crt not be the default one used?
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| openssl-0.9.8e-7.el5.src.rpm | SHA-256: 09644133518553f75c84cfc32a446b358ec06d5252c76f28f790a04674dda489 |
| x86_64 | |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-0.9.8e-7.el5.x86_64.rpm | SHA-256: e9ddd55f68e991c5337413f5231ca54fa1c1b58641e33f39ed85fa9fd9206800 |
| openssl-devel-0.9.8e-7.el5.i386.rpm | SHA-256: 2a5974f3fa35f79652a6b5113333179379682c8d72d0a6ea46925dc816d1c3af |
| openssl-devel-0.9.8e-7.el5.x86_64.rpm | SHA-256: 77548404bf551f3be317c34df731d5252f6e8db42ee653b4892f407aca0c35ee |
| openssl-perl-0.9.8e-7.el5.x86_64.rpm | SHA-256: 723ff2308dff6d3045d5c79dace230b81eee42f4f03312f7d66f448c6aaebd19 |
| ia64 | |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-0.9.8e-7.el5.ia64.rpm | SHA-256: 8aacae4696d87a5843d47ff1f142d90b62ccd78a6fcc7c2e9803e1030b5f874e |
| openssl-devel-0.9.8e-7.el5.ia64.rpm | SHA-256: 0a42976e15b7f976e7e9cbae8435ba009e95d170b9c72cfc97ee8a255407bfe2 |
| openssl-perl-0.9.8e-7.el5.ia64.rpm | SHA-256: 728f8a043cbcf0fecdd3e2ef597d4e854457498d917ea416c8356304d77334f2 |
| i386 | |
| openssl-0.9.8e-7.el5.i386.rpm | SHA-256: f24136789f4b4eff44eff3bc76fa2875d16cac15d017a4c279662fba7d2fcfc6 |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-devel-0.9.8e-7.el5.i386.rpm | SHA-256: 2a5974f3fa35f79652a6b5113333179379682c8d72d0a6ea46925dc816d1c3af |
| openssl-perl-0.9.8e-7.el5.i386.rpm | SHA-256: 1242ea53fc961cd63d7c3d422a58771cbce4df6631158fa5727c8b7a2c6ec219 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| openssl-0.9.8e-7.el5.src.rpm | SHA-256: 09644133518553f75c84cfc32a446b358ec06d5252c76f28f790a04674dda489 |
| x86_64 | |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-0.9.8e-7.el5.x86_64.rpm | SHA-256: e9ddd55f68e991c5337413f5231ca54fa1c1b58641e33f39ed85fa9fd9206800 |
| openssl-devel-0.9.8e-7.el5.i386.rpm | SHA-256: 2a5974f3fa35f79652a6b5113333179379682c8d72d0a6ea46925dc816d1c3af |
| openssl-devel-0.9.8e-7.el5.x86_64.rpm | SHA-256: 77548404bf551f3be317c34df731d5252f6e8db42ee653b4892f407aca0c35ee |
| openssl-perl-0.9.8e-7.el5.x86_64.rpm | SHA-256: 723ff2308dff6d3045d5c79dace230b81eee42f4f03312f7d66f448c6aaebd19 |
| i386 | |
| openssl-0.9.8e-7.el5.i386.rpm | SHA-256: f24136789f4b4eff44eff3bc76fa2875d16cac15d017a4c279662fba7d2fcfc6 |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-devel-0.9.8e-7.el5.i386.rpm | SHA-256: 2a5974f3fa35f79652a6b5113333179379682c8d72d0a6ea46925dc816d1c3af |
| openssl-perl-0.9.8e-7.el5.i386.rpm | SHA-256: 1242ea53fc961cd63d7c3d422a58771cbce4df6631158fa5727c8b7a2c6ec219 |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| openssl-0.9.8e-7.el5.src.rpm | SHA-256: 09644133518553f75c84cfc32a446b358ec06d5252c76f28f790a04674dda489 |
| x86_64 | |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-0.9.8e-7.el5.x86_64.rpm | SHA-256: e9ddd55f68e991c5337413f5231ca54fa1c1b58641e33f39ed85fa9fd9206800 |
| openssl-perl-0.9.8e-7.el5.x86_64.rpm | SHA-256: 723ff2308dff6d3045d5c79dace230b81eee42f4f03312f7d66f448c6aaebd19 |
| i386 | |
| openssl-0.9.8e-7.el5.i386.rpm | SHA-256: f24136789f4b4eff44eff3bc76fa2875d16cac15d017a4c279662fba7d2fcfc6 |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-perl-0.9.8e-7.el5.i386.rpm | SHA-256: 1242ea53fc961cd63d7c3d422a58771cbce4df6631158fa5727c8b7a2c6ec219 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| openssl-0.9.8e-7.el5.src.rpm | SHA-256: 09644133518553f75c84cfc32a446b358ec06d5252c76f28f790a04674dda489 |
| s390x | |
| openssl-0.9.8e-7.el5.s390.rpm | SHA-256: 7ed584dd285504c839c855d1d22f647b643735687201b8efd02d1d6eeb5374c9 |
| openssl-0.9.8e-7.el5.s390x.rpm | SHA-256: d1989516ce147d1875fe4b62d946f30da190bde488f61b1ad9c0d55f3efaeea0 |
| openssl-devel-0.9.8e-7.el5.s390.rpm | SHA-256: bb2da6a713f5d0e5127575c367fd0f2ab7d388b5965e71e00d6c04aeb6e7a570 |
| openssl-devel-0.9.8e-7.el5.s390x.rpm | SHA-256: 76fea920e8d5cc4dd44ae39ec855d85ad88b513c24f04a89f0d29943c53a693e |
| openssl-perl-0.9.8e-7.el5.s390x.rpm | SHA-256: 4ae5b78cc87470685943cf935bf90f7a18daf4dbe05de3474d2fbf0d5ddc4527 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| openssl-0.9.8e-7.el5.src.rpm | SHA-256: 09644133518553f75c84cfc32a446b358ec06d5252c76f28f790a04674dda489 |
| ppc | |
| openssl-0.9.8e-7.el5.ppc.rpm | SHA-256: 2bde3a25150465b8af90fb081105717358ee1e675b85dd59aafd0327693d72f4 |
| openssl-0.9.8e-7.el5.ppc64.rpm | SHA-256: 7273293a661c58c5983c0be1b8380cb5e53e0cd1708a9e16febbcf8709cbd7a6 |
| openssl-devel-0.9.8e-7.el5.ppc.rpm | SHA-256: f61faee88147ceedfdf87ddd55d0e2eb231c520561a786f5aa0a2e8489b30117 |
| openssl-devel-0.9.8e-7.el5.ppc64.rpm | SHA-256: bbe116812e0c62ca0b2f410c584bf0aafd45321da956a9fcc07dd3f6548a4e9a |
| openssl-perl-0.9.8e-7.el5.ppc.rpm | SHA-256: 9265695dd74b21f34f46baaee7e6320d2c87d07ebfcddff0aa37043257abfcb0 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| openssl-0.9.8e-7.el5.src.rpm | SHA-256: 09644133518553f75c84cfc32a446b358ec06d5252c76f28f790a04674dda489 |
| x86_64 | |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-0.9.8e-7.el5.x86_64.rpm | SHA-256: e9ddd55f68e991c5337413f5231ca54fa1c1b58641e33f39ed85fa9fd9206800 |
| openssl-devel-0.9.8e-7.el5.i386.rpm | SHA-256: 2a5974f3fa35f79652a6b5113333179379682c8d72d0a6ea46925dc816d1c3af |
| openssl-devel-0.9.8e-7.el5.x86_64.rpm | SHA-256: 77548404bf551f3be317c34df731d5252f6e8db42ee653b4892f407aca0c35ee |
| openssl-perl-0.9.8e-7.el5.x86_64.rpm | SHA-256: 723ff2308dff6d3045d5c79dace230b81eee42f4f03312f7d66f448c6aaebd19 |
| i386 | |
| openssl-0.9.8e-7.el5.i386.rpm | SHA-256: f24136789f4b4eff44eff3bc76fa2875d16cac15d017a4c279662fba7d2fcfc6 |
| openssl-0.9.8e-7.el5.i686.rpm | SHA-256: 573d3ced23e4ce0b7683b58adb5e5ee54a0b71a7ae24b684b89b6c248e989e2f |
| openssl-devel-0.9.8e-7.el5.i386.rpm | SHA-256: 2a5974f3fa35f79652a6b5113333179379682c8d72d0a6ea46925dc816d1c3af |
| openssl-perl-0.9.8e-7.el5.i386.rpm | SHA-256: 1242ea53fc961cd63d7c3d422a58771cbce4df6631158fa5727c8b7a2c6ec219 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
