- Issued:
- 2015-07-22
- Updated:
- 2015-07-22
RHBA-2015:1398 - Bug Fix Advisory
Synopsis
openssl bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated openssl packages that fix two bugs and add one enhancement are now
available for Red Hat Enterprise Linux 6.
Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
This update fixes the following bugs:
- Previously, the ciphers(1) manual page did not describe the following Elliptic Curve Cryptography (ECC) cipher suite groups: Elliptic Curve Diffie–Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA), or TLS version 1.2 (TLSv1.2) specific features. This update adds the missing description of the ECDH and ECDSA cipher groups and TLSv1.2 features to ciphers(1), and the documentation is now complete. (BZ#1119191)
- The server-side renegotiation support did previously not work as expected under certain circumstances. A PostgreSQL failure of database dumps through TLS connection could occur when the size of the dumped data was larger than the value defined in the ssl_renegotiation_limit setting. The regression that caused this bug has been fixed, and the PostgreSQL database dumps through TLS connection no longer fail in the described situation. (BZ#1234487)
In addition, this update adds the following enhancement:
- This update adds the "-keytab" option to the "openssl s_server" command and the "-krb5svc" option to the "openssl s_server" and "openssl s_client" commands. The "-keytab" option allows the user to specify a custom keytab location; if the user does not add "-keytab", the openssl utility assumes the default keytab location. The "-krb5svc" option enables selecting a service other than the "host" service; this allows unprivileged users without keys to the host principal to use "openssl s_server" and "open s_client" with Kerberos. (BZ#961965)
Users of openssl are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
Fixes
- BZ - 1119191 - ciphers(1) man page lacks description of ECC and TLSv1.2 suites
- BZ - 1150032 - OpenSSL selects weak digest for (EC)DH kex signing in TLSv1.2 [rhel-6]
- BZ - 1226209 - segfault in ssleay_rand_bytes due to locking regression
- BZ - 1234487 - Renegotiation seems partially broken in latest openssl
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| x86_64 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-1.0.1e-42.el6.x86_64.rpm | SHA-256: 412361b43345b3a09fd6cf50e525db995a17d8d7e5b9cd310354fe29ad012a19 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-devel-1.0.1e-42.el6.x86_64.rpm | SHA-256: a1ecf81a117936ccbdd38d12c6067e8b92d0ff867cce6bfbe01970d6f3a08c90 |
| openssl-perl-1.0.1e-42.el6.x86_64.rpm | SHA-256: db0e83370ad3a8521e1a9c3e944702b5936f66bfe1954c1aa7b127ef33e020a3 |
| openssl-static-1.0.1e-42.el6.x86_64.rpm | SHA-256: 94e9cb5ea71746510a2830f97a1415189030a818a85f3fab9e15c82af3a29107 |
| i386 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-perl-1.0.1e-42.el6.i686.rpm | SHA-256: 702a9604cdb20b26f0b350b22c2cf44d773d9e0d72ffa5d8bf2e884317bc39c8 |
| openssl-static-1.0.1e-42.el6.i686.rpm | SHA-256: eba912f4bf0c23cf1c1bd5d272ddbe96d9a6a286cc0f27c056e4b9040a3fe5ee |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| x86_64 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-1.0.1e-42.el6.x86_64.rpm | SHA-256: 412361b43345b3a09fd6cf50e525db995a17d8d7e5b9cd310354fe29ad012a19 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-devel-1.0.1e-42.el6.x86_64.rpm | SHA-256: a1ecf81a117936ccbdd38d12c6067e8b92d0ff867cce6bfbe01970d6f3a08c90 |
| openssl-perl-1.0.1e-42.el6.x86_64.rpm | SHA-256: db0e83370ad3a8521e1a9c3e944702b5936f66bfe1954c1aa7b127ef33e020a3 |
| openssl-static-1.0.1e-42.el6.x86_64.rpm | SHA-256: 94e9cb5ea71746510a2830f97a1415189030a818a85f3fab9e15c82af3a29107 |
| i386 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-perl-1.0.1e-42.el6.i686.rpm | SHA-256: 702a9604cdb20b26f0b350b22c2cf44d773d9e0d72ffa5d8bf2e884317bc39c8 |
| openssl-static-1.0.1e-42.el6.i686.rpm | SHA-256: eba912f4bf0c23cf1c1bd5d272ddbe96d9a6a286cc0f27c056e4b9040a3fe5ee |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| x86_64 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-1.0.1e-42.el6.x86_64.rpm | SHA-256: 412361b43345b3a09fd6cf50e525db995a17d8d7e5b9cd310354fe29ad012a19 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-devel-1.0.1e-42.el6.x86_64.rpm | SHA-256: a1ecf81a117936ccbdd38d12c6067e8b92d0ff867cce6bfbe01970d6f3a08c90 |
| openssl-perl-1.0.1e-42.el6.x86_64.rpm | SHA-256: db0e83370ad3a8521e1a9c3e944702b5936f66bfe1954c1aa7b127ef33e020a3 |
| openssl-static-1.0.1e-42.el6.x86_64.rpm | SHA-256: 94e9cb5ea71746510a2830f97a1415189030a818a85f3fab9e15c82af3a29107 |
| i386 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-perl-1.0.1e-42.el6.i686.rpm | SHA-256: 702a9604cdb20b26f0b350b22c2cf44d773d9e0d72ffa5d8bf2e884317bc39c8 |
| openssl-static-1.0.1e-42.el6.i686.rpm | SHA-256: eba912f4bf0c23cf1c1bd5d272ddbe96d9a6a286cc0f27c056e4b9040a3fe5ee |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| s390x | |
| openssl-1.0.1e-42.el6.s390.rpm | SHA-256: d5cf972ad61f3d4d1ea0307c8ea0222ab79bd7c4e5e319ce65bbcada4f12ca86 |
| openssl-1.0.1e-42.el6.s390x.rpm | SHA-256: 49be3882d6e11b93d5daa031ad1fe3310907974d06ee6930b41f2e4929ba6cae |
| openssl-debuginfo-1.0.1e-42.el6.s390.rpm | SHA-256: c1df7ab58bd04fe0cfa20fc06c862e662ce2159c7d1702334e82553a202fdbfc |
| openssl-debuginfo-1.0.1e-42.el6.s390x.rpm | SHA-256: a0fdd673eb7c98217d6f58cec483845166d43bb8fecd950f66914e41d7a90c6c |
| openssl-debuginfo-1.0.1e-42.el6.s390x.rpm | SHA-256: a0fdd673eb7c98217d6f58cec483845166d43bb8fecd950f66914e41d7a90c6c |
| openssl-devel-1.0.1e-42.el6.s390.rpm | SHA-256: 1438e6b51dea85aa33648e2990bb04ca8b8ff476d1debb730c774b33e353e108 |
| openssl-devel-1.0.1e-42.el6.s390x.rpm | SHA-256: 31358f41aa5503e8ced72bb9627901b76ff3e0a263ea37f721a5a27f293990eb |
| openssl-perl-1.0.1e-42.el6.s390x.rpm | SHA-256: 11b7463625cb05963b89666a8ca55b8062dc99277da14aad4ad0ee5e1ca7edea |
| openssl-static-1.0.1e-42.el6.s390x.rpm | SHA-256: 3fabcb4e581bc0f325d815725edd8587a57848ef71ee9ddf1a63fc8e00412e00 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| ppc64 | |
| openssl-1.0.1e-42.el6.ppc.rpm | SHA-256: 35eacf99c2cbb8545c77d2059d7d19f6d0e30fb1a733117d794cd74a087b4401 |
| openssl-1.0.1e-42.el6.ppc64.rpm | SHA-256: 57e82475b706a073ba2264f9893b8f1f49a8cd12b1784ce8c40544c8487c1654 |
| openssl-debuginfo-1.0.1e-42.el6.ppc.rpm | SHA-256: aa2e1ece707d4b269536c001f49c5842b10aca8efd67c39b90e2651e16e82dcc |
| openssl-debuginfo-1.0.1e-42.el6.ppc64.rpm | SHA-256: 29352e4c3841643d168db15a6e3e0ffbb24ef8331cfb07dccd18a05a897e6438 |
| openssl-debuginfo-1.0.1e-42.el6.ppc64.rpm | SHA-256: 29352e4c3841643d168db15a6e3e0ffbb24ef8331cfb07dccd18a05a897e6438 |
| openssl-devel-1.0.1e-42.el6.ppc.rpm | SHA-256: c820b51ba1cba08b1bd5b6369aeb8b003e62286671bf155b25d46a6cda6f3278 |
| openssl-devel-1.0.1e-42.el6.ppc64.rpm | SHA-256: b55a959ee496e15c135fc71c8416de2caf8439c858d9423c9e73214c079ddabd |
| openssl-perl-1.0.1e-42.el6.ppc64.rpm | SHA-256: 92853e7a13fabbe3efa52b4d174b7c68769a7ded6fdbe25cc866b05ec2fa7b9d |
| openssl-static-1.0.1e-42.el6.ppc64.rpm | SHA-256: 36dca1922caf91ff222663f012132086a08c8998c12fd386f02bd02a68c4d68c |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| x86_64 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-1.0.1e-42.el6.x86_64.rpm | SHA-256: 412361b43345b3a09fd6cf50e525db995a17d8d7e5b9cd310354fe29ad012a19 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-devel-1.0.1e-42.el6.x86_64.rpm | SHA-256: a1ecf81a117936ccbdd38d12c6067e8b92d0ff867cce6bfbe01970d6f3a08c90 |
| openssl-perl-1.0.1e-42.el6.x86_64.rpm | SHA-256: db0e83370ad3a8521e1a9c3e944702b5936f66bfe1954c1aa7b127ef33e020a3 |
| openssl-static-1.0.1e-42.el6.x86_64.rpm | SHA-256: 94e9cb5ea71746510a2830f97a1415189030a818a85f3fab9e15c82af3a29107 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| openssl-1.0.1e-42.el6.src.rpm | SHA-256: d2dfd6b1df2a13d8d8330afe9344856eccaf278389970ff917374dc6e3b3de7d |
| x86_64 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-1.0.1e-42.el6.x86_64.rpm | SHA-256: 412361b43345b3a09fd6cf50e525db995a17d8d7e5b9cd310354fe29ad012a19 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-debuginfo-1.0.1e-42.el6.x86_64.rpm | SHA-256: e90df99a71d4c5b45ef13176e53befe0d286b7cf1ae3bafdea044881d4186ed8 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-devel-1.0.1e-42.el6.x86_64.rpm | SHA-256: a1ecf81a117936ccbdd38d12c6067e8b92d0ff867cce6bfbe01970d6f3a08c90 |
| openssl-perl-1.0.1e-42.el6.x86_64.rpm | SHA-256: db0e83370ad3a8521e1a9c3e944702b5936f66bfe1954c1aa7b127ef33e020a3 |
| openssl-static-1.0.1e-42.el6.x86_64.rpm | SHA-256: 94e9cb5ea71746510a2830f97a1415189030a818a85f3fab9e15c82af3a29107 |
| i386 | |
| openssl-1.0.1e-42.el6.i686.rpm | SHA-256: 5093f36791b1df61a6eb4afd43f3103fc640378a12c6213506865f15b34716af |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-debuginfo-1.0.1e-42.el6.i686.rpm | SHA-256: 7c0e7e4dc7b580943626a4eb9c7e59decd1a9d3524ccbb2482aaf815242349c0 |
| openssl-devel-1.0.1e-42.el6.i686.rpm | SHA-256: 4cbc424466977e1da9109f00e635e079035f74940ed88a9afe8e1485c97f1b6c |
| openssl-perl-1.0.1e-42.el6.i686.rpm | SHA-256: 702a9604cdb20b26f0b350b22c2cf44d773d9e0d72ffa5d8bf2e884317bc39c8 |
| openssl-static-1.0.1e-42.el6.i686.rpm | SHA-256: eba912f4bf0c23cf1c1bd5d272ddbe96d9a6a286cc0f27c056e4b9040a3fe5ee |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.