Issued:
2006-09-06
Updated:
2006-09-06

RHSA-2006:0661 - Security Advisory

Synopsis

openssl security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated OpenSSL packages are now available to correct a security issue.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be possible
for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly
verified by implementations that do not check for excess data in the RSA
exponentiation result of the signature.

The Google Security Team discovered that OpenSSL is vulnerable to this
attack. This issue affects applications that use OpenSSL to verify X.509
certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)

This errata also resolves a problem where a customized ca-bundle.crt file
was overwritten when the openssl package was upgraded.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution

Users of Red Hat Enterprise Linux 2.1 may need to use the command "up2date
openssl openssl095a openssl096" to install these updated packages on their
systems. This is due to a conflict between Galeon and the recent Seamonkey
update. We will provide updated Galeon packages to fix this conflict in
a future erratum.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 170740 - Custom ca-bundle.crt overwritten on upgrade
  • BZ - 175811 - Custom ca-bundle.crt overwritten on upgrade
  • BZ - 205180 - CVE-2006-4339 RSA signature forgery

Red Hat Enterprise Linux Server 4

SRPM
x86_64
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.x86_64.rpm SHA-256: 3329541320998c13e86d9a78ff3878a10253a08fc106ff45394b9d2a46705b38
openssl-0.9.7a-43.11.x86_64.rpm SHA-256: 3329541320998c13e86d9a78ff3878a10253a08fc106ff45394b9d2a46705b38
openssl-devel-0.9.7a-43.11.x86_64.rpm SHA-256: 401c0a1ef1500f7b3387eaad08217962904254d913e56242a9d53fe103cfd151
openssl-devel-0.9.7a-43.11.x86_64.rpm SHA-256: 401c0a1ef1500f7b3387eaad08217962904254d913e56242a9d53fe103cfd151
openssl-perl-0.9.7a-43.11.x86_64.rpm SHA-256: 3babd234f081837e7da5e2002193980bc2ef4239b3e567a1e29ad4b1ad56b41e
openssl-perl-0.9.7a-43.11.x86_64.rpm SHA-256: 3babd234f081837e7da5e2002193980bc2ef4239b3e567a1e29ad4b1ad56b41e
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.x86_64.rpm SHA-256: face2d37eea9d1e69ea665989bedb97b9763e15421ec55fe1094c57590fa1792
openssl096b-0.9.6b-22.43.x86_64.rpm SHA-256: face2d37eea9d1e69ea665989bedb97b9763e15421ec55fe1094c57590fa1792
ia64
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.ia64.rpm SHA-256: b7be4262aa0894bd39cc3b1843e886ad0d19d2cd9631ec35f2e230cc78db49b0
openssl-0.9.7a-43.11.ia64.rpm SHA-256: b7be4262aa0894bd39cc3b1843e886ad0d19d2cd9631ec35f2e230cc78db49b0
openssl-devel-0.9.7a-43.11.ia64.rpm SHA-256: 1ed4e4f08e1a385806df4b3642f1a2cb031bd2dd612f8e9b5d8ec33fdccdfe8a
openssl-devel-0.9.7a-43.11.ia64.rpm SHA-256: 1ed4e4f08e1a385806df4b3642f1a2cb031bd2dd612f8e9b5d8ec33fdccdfe8a
openssl-perl-0.9.7a-43.11.ia64.rpm SHA-256: a808cbafc3e4021373041a5c4e622349878b3a0548313ab949e9c185c1a9ec86
openssl-perl-0.9.7a-43.11.ia64.rpm SHA-256: a808cbafc3e4021373041a5c4e622349878b3a0548313ab949e9c185c1a9ec86
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.ia64.rpm SHA-256: cd92e85b505dcc296a6d29754a0f8ed3353df3a78f24702e3264f3c2822ffbfe
openssl096b-0.9.6b-22.43.ia64.rpm SHA-256: cd92e85b505dcc296a6d29754a0f8ed3353df3a78f24702e3264f3c2822ffbfe
i386
openssl-0.9.7a-43.11.i386.rpm SHA-256: c6cc75cec5907f23ffe5899597e2509a5bb22c77a179e0e1f822790c6c6e2bfe
openssl-0.9.7a-43.11.i386.rpm SHA-256: c6cc75cec5907f23ffe5899597e2509a5bb22c77a179e0e1f822790c6c6e2bfe
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-devel-0.9.7a-43.11.i386.rpm SHA-256: 0861d2392587671f221c6fadd68db53b4651ad0c7b855d13b51c25064b603a5a
openssl-devel-0.9.7a-43.11.i386.rpm SHA-256: 0861d2392587671f221c6fadd68db53b4651ad0c7b855d13b51c25064b603a5a
openssl-perl-0.9.7a-43.11.i386.rpm SHA-256: 1d97b8301658f168a9f09897ea5ca2e04f462238c227c5ab768cc8e9eafb8dc6
openssl-perl-0.9.7a-43.11.i386.rpm SHA-256: 1d97b8301658f168a9f09897ea5ca2e04f462238c227c5ab768cc8e9eafb8dc6
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.x86_64.rpm SHA-256: 3329541320998c13e86d9a78ff3878a10253a08fc106ff45394b9d2a46705b38
openssl-devel-0.9.7a-43.11.x86_64.rpm SHA-256: 401c0a1ef1500f7b3387eaad08217962904254d913e56242a9d53fe103cfd151
openssl-perl-0.9.7a-43.11.x86_64.rpm SHA-256: 3babd234f081837e7da5e2002193980bc2ef4239b3e567a1e29ad4b1ad56b41e
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.x86_64.rpm SHA-256: face2d37eea9d1e69ea665989bedb97b9763e15421ec55fe1094c57590fa1792
ia64
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.ia64.rpm SHA-256: b7be4262aa0894bd39cc3b1843e886ad0d19d2cd9631ec35f2e230cc78db49b0
openssl-devel-0.9.7a-43.11.ia64.rpm SHA-256: 1ed4e4f08e1a385806df4b3642f1a2cb031bd2dd612f8e9b5d8ec33fdccdfe8a
openssl-perl-0.9.7a-43.11.ia64.rpm SHA-256: a808cbafc3e4021373041a5c4e622349878b3a0548313ab949e9c185c1a9ec86
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.ia64.rpm SHA-256: cd92e85b505dcc296a6d29754a0f8ed3353df3a78f24702e3264f3c2822ffbfe
i386
openssl-0.9.7a-43.11.i386.rpm SHA-256: c6cc75cec5907f23ffe5899597e2509a5bb22c77a179e0e1f822790c6c6e2bfe
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-devel-0.9.7a-43.11.i386.rpm SHA-256: 0861d2392587671f221c6fadd68db53b4651ad0c7b855d13b51c25064b603a5a
openssl-perl-0.9.7a-43.11.i386.rpm SHA-256: 1d97b8301658f168a9f09897ea5ca2e04f462238c227c5ab768cc8e9eafb8dc6
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-0.9.7a-43.11.x86_64.rpm SHA-256: 3329541320998c13e86d9a78ff3878a10253a08fc106ff45394b9d2a46705b38
openssl-devel-0.9.7a-43.11.x86_64.rpm SHA-256: 401c0a1ef1500f7b3387eaad08217962904254d913e56242a9d53fe103cfd151
openssl-perl-0.9.7a-43.11.x86_64.rpm SHA-256: 3babd234f081837e7da5e2002193980bc2ef4239b3e567a1e29ad4b1ad56b41e
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504
openssl096b-0.9.6b-22.43.x86_64.rpm SHA-256: face2d37eea9d1e69ea665989bedb97b9763e15421ec55fe1094c57590fa1792
i386
openssl-0.9.7a-43.11.i386.rpm SHA-256: c6cc75cec5907f23ffe5899597e2509a5bb22c77a179e0e1f822790c6c6e2bfe
openssl-0.9.7a-43.11.i686.rpm SHA-256: 8039f557f1174695565049795b523bcb37d95280e908882bc4d7e28fe0387455
openssl-devel-0.9.7a-43.11.i386.rpm SHA-256: 0861d2392587671f221c6fadd68db53b4651ad0c7b855d13b51c25064b603a5a
openssl-perl-0.9.7a-43.11.i386.rpm SHA-256: 1d97b8301658f168a9f09897ea5ca2e04f462238c227c5ab768cc8e9eafb8dc6
openssl096b-0.9.6b-22.43.i386.rpm SHA-256: 810a14443ae7304243dee98c3667f4d8546b8c8a32f3fec2114d829d2c9bf504

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
openssl-0.9.7a-43.11.s390.rpm SHA-256: b3f6ad1b4b1874b066f66d51fdd811929dc367248b1f38f55e535f0f784b55c1
openssl-0.9.7a-43.11.s390x.rpm SHA-256: c84fd2d8e72ba6df1014500b99ce5d8ec14168dad17af121a8f9175bbe57e507
openssl-devel-0.9.7a-43.11.s390x.rpm SHA-256: c2b5423c1eed1218af390f83d1a1117877ea6f754b9ae1e2bb2eed5e2ff620fb
openssl-perl-0.9.7a-43.11.s390x.rpm SHA-256: 5a25fd251cea8c3c622104d10e946085cfff5849eb70e026e78fe61a5e16fa1b
openssl096b-0.9.6b-22.43.s390.rpm SHA-256: 4310237b3f5d8348bb9ed55921a468481101510936d5945eabc9a933b64187d8
s390
openssl-0.9.7a-43.11.s390.rpm SHA-256: b3f6ad1b4b1874b066f66d51fdd811929dc367248b1f38f55e535f0f784b55c1
openssl-devel-0.9.7a-43.11.s390.rpm SHA-256: 034d0adb6bbe25bd1dc37e0f1c1cb5bf5275f114716923230aee4bc5ab269832
openssl-perl-0.9.7a-43.11.s390.rpm SHA-256: cd01081fcd69beaf95c737c4f12953d397c3ad472109c96bbe66c4998318272a
openssl096b-0.9.6b-22.43.s390.rpm SHA-256: 4310237b3f5d8348bb9ed55921a468481101510936d5945eabc9a933b64187d8

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
openssl-0.9.7a-43.11.ppc.rpm SHA-256: f08f01f9d8ebad507ceb2fcc548dc53cf24a078092cccc1a54e295ca708c2fc2
openssl-0.9.7a-43.11.ppc64.rpm SHA-256: 16053cadab8967a15ceeea5c7b15e3c283ea9d22d8eadf72b7dd827c23dedeac
openssl-devel-0.9.7a-43.11.ppc.rpm SHA-256: fa9485ded1b94f1321a5fa6153ebe498fc4cdbb0a3f7205d2a98662972f9c8d5
openssl-perl-0.9.7a-43.11.ppc.rpm SHA-256: eb9be2fd3d97f5793523bb77b29356ed58531bf20aa8ebba6b58f2f1607760c6
openssl096b-0.9.6b-22.43.ppc.rpm SHA-256: 8ef1c7f50dcd5e7a5767313f127c718c8ec47050e3d1f82611867a2fa8dd9418

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.