Red Hat Product Errata RHSA-2005:476 - Security Advisory
Issued:
2005-06-01
Updated:
2005-06-01

RHSA-2005:476 - Security Advisory

Synopsis

openssl security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated OpenSSL packages that fix security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Colin Percival reported a cache timing attack that could allow a malicious
local user to gain portions of cryptographic keys. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CAN-2005-0109 to the issue. The OpenSSL library has been patched to add a
new fixed-window mod_exp implementation as default for RSA, DSA, and DH
private-key operations. This patch is designed to mitigate cache timing
and potentially related attacks.

A flaw was found in the way the der_chop script creates temporary files. It
is possible that a malicious local user could cause der_chop to overwrite
files (CAN-2004-0975). The der_chop script was deprecated and has been
removed from these updated packages. Red Hat Enterprise Linux 4 did not
ship der_chop and is therefore not vulnerable to this issue.

Users are advised to update to these erratum packages which contain patches
to correct these issues.

Please note: After installing this update, users are advised to either
restart all services that use OpenSSL or restart their system.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 136302 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
  • BZ - 140061 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
  • BZ - 157631 - CAN-2005-0109 timing attack on OpenSSL with HT

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
x86_64
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.x86_64.rpm SHA-256: 4406067275ddc16b2fab834f833e30588e4c6301168c1e0dba41a110b257d83d
openssl-0.9.7a-43.2.x86_64.rpm SHA-256: 4406067275ddc16b2fab834f833e30588e4c6301168c1e0dba41a110b257d83d
openssl-devel-0.9.7a-43.2.x86_64.rpm SHA-256: ef7ea0ec1c80ca6b50ba2a16ab66477c73b8a2d67becb7b2393064a0631fb8e1
openssl-devel-0.9.7a-43.2.x86_64.rpm SHA-256: ef7ea0ec1c80ca6b50ba2a16ab66477c73b8a2d67becb7b2393064a0631fb8e1
openssl-perl-0.9.7a-43.2.x86_64.rpm SHA-256: c7a70e8e67bf0a4877fc7ebde62a4e13aaf884ea4b9f9948075b56516e398589
openssl-perl-0.9.7a-43.2.x86_64.rpm SHA-256: c7a70e8e67bf0a4877fc7ebde62a4e13aaf884ea4b9f9948075b56516e398589
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.x86_64.rpm SHA-256: 14d8109e0479ea60e377fb05dc6a68cda2c45150cfee40d66016ee21867f52e1
openssl096b-0.9.6b-22.3.x86_64.rpm SHA-256: 14d8109e0479ea60e377fb05dc6a68cda2c45150cfee40d66016ee21867f52e1
ia64
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.ia64.rpm SHA-256: 8d2fb991d574980bb2ddcab45bff331de08ddd32a87ce7d73da25e6043deb0d4
openssl-0.9.7a-43.2.ia64.rpm SHA-256: 8d2fb991d574980bb2ddcab45bff331de08ddd32a87ce7d73da25e6043deb0d4
openssl-devel-0.9.7a-43.2.ia64.rpm SHA-256: 66342213c3f3da852d48da4b2412fefffc5af3efb031d95b3ab9092c1d1c11b9
openssl-devel-0.9.7a-43.2.ia64.rpm SHA-256: 66342213c3f3da852d48da4b2412fefffc5af3efb031d95b3ab9092c1d1c11b9
openssl-perl-0.9.7a-43.2.ia64.rpm SHA-256: 7616584b936ad38d2b35ab8ff988624b51786776f1475f3c8ce042e2827cfca6
openssl-perl-0.9.7a-43.2.ia64.rpm SHA-256: 7616584b936ad38d2b35ab8ff988624b51786776f1475f3c8ce042e2827cfca6
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.ia64.rpm SHA-256: 5710078ea661f89e76614bc17cfb301916d80fd3e95ff4413524ea18258b2c88
openssl096b-0.9.6b-22.3.ia64.rpm SHA-256: 5710078ea661f89e76614bc17cfb301916d80fd3e95ff4413524ea18258b2c88
i386
openssl-0.9.7a-43.2.i386.rpm SHA-256: 4b353bbd7751212695bb03abe12a621bc0e30062f30849f5261948721a956a91
openssl-0.9.7a-43.2.i386.rpm SHA-256: 4b353bbd7751212695bb03abe12a621bc0e30062f30849f5261948721a956a91
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-devel-0.9.7a-43.2.i386.rpm SHA-256: 7fca87942ffba83fdffde5887da741a3237823970ae374c9268a8b2b7cfb7594
openssl-devel-0.9.7a-43.2.i386.rpm SHA-256: 7fca87942ffba83fdffde5887da741a3237823970ae374c9268a8b2b7cfb7594
openssl-perl-0.9.7a-43.2.i386.rpm SHA-256: 86b0093f543e139657865cbd705fac061e22ebe35c43b4a6b51c4072c8ce042a
openssl-perl-0.9.7a-43.2.i386.rpm SHA-256: 86b0093f543e139657865cbd705fac061e22ebe35c43b4a6b51c4072c8ce042a
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.x86_64.rpm SHA-256: 4406067275ddc16b2fab834f833e30588e4c6301168c1e0dba41a110b257d83d
openssl-devel-0.9.7a-43.2.x86_64.rpm SHA-256: ef7ea0ec1c80ca6b50ba2a16ab66477c73b8a2d67becb7b2393064a0631fb8e1
openssl-perl-0.9.7a-43.2.x86_64.rpm SHA-256: c7a70e8e67bf0a4877fc7ebde62a4e13aaf884ea4b9f9948075b56516e398589
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.x86_64.rpm SHA-256: 14d8109e0479ea60e377fb05dc6a68cda2c45150cfee40d66016ee21867f52e1
ia64
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.ia64.rpm SHA-256: 8d2fb991d574980bb2ddcab45bff331de08ddd32a87ce7d73da25e6043deb0d4
openssl-devel-0.9.7a-43.2.ia64.rpm SHA-256: 66342213c3f3da852d48da4b2412fefffc5af3efb031d95b3ab9092c1d1c11b9
openssl-perl-0.9.7a-43.2.ia64.rpm SHA-256: 7616584b936ad38d2b35ab8ff988624b51786776f1475f3c8ce042e2827cfca6
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.ia64.rpm SHA-256: 5710078ea661f89e76614bc17cfb301916d80fd3e95ff4413524ea18258b2c88
i386
openssl-0.9.7a-43.2.i386.rpm SHA-256: 4b353bbd7751212695bb03abe12a621bc0e30062f30849f5261948721a956a91
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-devel-0.9.7a-43.2.i386.rpm SHA-256: 7fca87942ffba83fdffde5887da741a3237823970ae374c9268a8b2b7cfb7594
openssl-perl-0.9.7a-43.2.i386.rpm SHA-256: 86b0093f543e139657865cbd705fac061e22ebe35c43b4a6b51c4072c8ce042a
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-0.9.7a-43.2.x86_64.rpm SHA-256: 4406067275ddc16b2fab834f833e30588e4c6301168c1e0dba41a110b257d83d
openssl-devel-0.9.7a-43.2.x86_64.rpm SHA-256: ef7ea0ec1c80ca6b50ba2a16ab66477c73b8a2d67becb7b2393064a0631fb8e1
openssl-perl-0.9.7a-43.2.x86_64.rpm SHA-256: c7a70e8e67bf0a4877fc7ebde62a4e13aaf884ea4b9f9948075b56516e398589
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d
openssl096b-0.9.6b-22.3.x86_64.rpm SHA-256: 14d8109e0479ea60e377fb05dc6a68cda2c45150cfee40d66016ee21867f52e1
i386
openssl-0.9.7a-43.2.i386.rpm SHA-256: 4b353bbd7751212695bb03abe12a621bc0e30062f30849f5261948721a956a91
openssl-0.9.7a-43.2.i686.rpm SHA-256: e018a71ec6614e43b82e4c95315d81b0958fe20748246716029c62b2ed9b4e65
openssl-devel-0.9.7a-43.2.i386.rpm SHA-256: 7fca87942ffba83fdffde5887da741a3237823970ae374c9268a8b2b7cfb7594
openssl-perl-0.9.7a-43.2.i386.rpm SHA-256: 86b0093f543e139657865cbd705fac061e22ebe35c43b4a6b51c4072c8ce042a
openssl096b-0.9.6b-22.3.i386.rpm SHA-256: b7bbac398844f2e0822231c80a848c8191e0c678d25ef4fafcbb28421a54507d

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
openssl-0.9.7a-43.2.s390.rpm SHA-256: 1d6f8f3740348acb18acf9c1d640fd994919debec294ebcf174085f5d3caf894
openssl-0.9.7a-43.2.s390x.rpm SHA-256: 728f3c6644fc719c2b04eb9fca2bddb181898de86f181e4baa68987e95a6c64d
openssl-devel-0.9.7a-43.2.s390x.rpm SHA-256: f4b701ef11ab228bc97dc8e52b8ca3a5ce53d61ce13efe4ce3fe53dbd3e16912
openssl-perl-0.9.7a-43.2.s390x.rpm SHA-256: 63a8bf07406b513553f04e6197b66535ac7928321b7ade3bc9311cbbb199ad89
openssl096b-0.9.6b-22.3.s390.rpm SHA-256: 1b17509fb9b9a4aa1cc4d550cd9a271e967e88ec141bd074fd880577abc13d2a
s390
openssl-0.9.7a-43.2.s390.rpm SHA-256: 1d6f8f3740348acb18acf9c1d640fd994919debec294ebcf174085f5d3caf894
openssl-devel-0.9.7a-43.2.s390.rpm SHA-256: 3d72ad8ba37961eedb8fe7eab16eadcf928a6e747d72051946e2b80f801f6b8a
openssl-perl-0.9.7a-43.2.s390.rpm SHA-256: f54f5bcfa35b935a9b8b1402b7079b53a22a7a5acbc61c9e27e6c445f26529e6
openssl096b-0.9.6b-22.3.s390.rpm SHA-256: 1b17509fb9b9a4aa1cc4d550cd9a271e967e88ec141bd074fd880577abc13d2a

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
openssl-0.9.7a-43.2.ppc.rpm SHA-256: 8d7e41f20ef9a942542ee993084f71338b0c55b5d6e69810948e4d2f7e998481
openssl-0.9.7a-43.2.ppc64.rpm SHA-256: 5d30379f46ea565fe8aa6a44d4526b39dcba2e7e6ec1419eaa499ea71c1e8450
openssl-devel-0.9.7a-43.2.ppc.rpm SHA-256: 1ce6ebcac90cf32f9afaa88a73f4c09c8c21d1e1b563c22be7a7c680534c5243
openssl-perl-0.9.7a-43.2.ppc.rpm SHA-256: c4f629b8756b8f182cabca131e584aee0fc54dfe0389327d90fb7b937cc4b075
openssl096b-0.9.6b-22.3.ppc.rpm SHA-256: d6c08c6243d8626bdba42a0c744c124cec308c5d5f2f6034df4cf34eabababc2

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.