RHSA-2006:0695 - Security Advisory

Overview
Updated Packages

Synopsis

openssl security update

Type/Severity

Security Advisory: Important

Topic

Updated OpenSSL packages are now available to correct several security issues.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer (CVE-2006-3738). Few applications make use
of this vulnerable function and generally it is used only when applications
are compiled for debugging.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
flaw in the SSLv2 client code. When a client application used OpenSSL to
create an SSLv2 connection to a malicious server, that server could cause
the client to crash. (CVE-2006-4343)

Dr S. N. Henson of the OpenSSL core team and Open Network Security recently
developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered
denial of service vulnerabilities:

Certain public key types can take disproportionate amounts of time to
process, leading to a denial of service. (CVE-2006-2940)
During parsing of certain invalid ASN.1 structures an error condition was
mishandled. This can result in an infinite loop which consumed system
memory (CVE-2006-2937). This issue does not affect the OpenSSL version
distributed in Red Hat Enterprise Linux 2.1.

These vulnerabilities can affect applications which use OpenSSL to parse
ASN.1 data from untrusted sources, including SSL servers which enable
client authentication and S/MIME applications.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 206940 - CVE-2006-3738 OpenSSL issues (CVE-2006-4343)
BZ - 207274 - CVE-2006-2940 OpenSSL Parasitic Public Keys
BZ - 207276 - CVE-2006-2937 OpenSSL ASN1 DoS

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.x86_64.rpm	SHA-256: fa3d3f3909ed4e71754e58062a310ff7c6c01ea6b0dc82a5865ac443ebd4545a
openssl-0.9.7a-43.14.x86_64.rpm	SHA-256: fa3d3f3909ed4e71754e58062a310ff7c6c01ea6b0dc82a5865ac443ebd4545a
openssl-devel-0.9.7a-43.14.x86_64.rpm	SHA-256: 9c45055095f39aaa093af413d8a1d55c50bfdd2269a7cea1011de656af89f2f6
openssl-devel-0.9.7a-43.14.x86_64.rpm	SHA-256: 9c45055095f39aaa093af413d8a1d55c50bfdd2269a7cea1011de656af89f2f6
openssl-perl-0.9.7a-43.14.x86_64.rpm	SHA-256: 7725e2a3dd371f334360b012afe8b0761a962e4b3c4ed9aadec6be314d9cfb41
openssl-perl-0.9.7a-43.14.x86_64.rpm	SHA-256: 7725e2a3dd371f334360b012afe8b0761a962e4b3c4ed9aadec6be314d9cfb41
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.x86_64.rpm	SHA-256: facd5632f465e4813100b4fb803487e122446956540968f99480f6bcb9639a83
openssl096b-0.9.6b-22.46.x86_64.rpm	SHA-256: facd5632f465e4813100b4fb803487e122446956540968f99480f6bcb9639a83
ia64
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.ia64.rpm	SHA-256: ffea031ff44eeeb79924cc5c70e6c214e29d9e5324317f637f4223b7a9cefb33
openssl-0.9.7a-43.14.ia64.rpm	SHA-256: ffea031ff44eeeb79924cc5c70e6c214e29d9e5324317f637f4223b7a9cefb33
openssl-devel-0.9.7a-43.14.ia64.rpm	SHA-256: a8da4668c86d52a16d29c12443adaccd8f313a1bb87855761691ebf9a90602f6
openssl-devel-0.9.7a-43.14.ia64.rpm	SHA-256: a8da4668c86d52a16d29c12443adaccd8f313a1bb87855761691ebf9a90602f6
openssl-perl-0.9.7a-43.14.ia64.rpm	SHA-256: f0733289c590446cd5221ff72ca00e7a92c9934d821286224fc6b91ff48b9952
openssl-perl-0.9.7a-43.14.ia64.rpm	SHA-256: f0733289c590446cd5221ff72ca00e7a92c9934d821286224fc6b91ff48b9952
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.ia64.rpm	SHA-256: 772b3265b502b5e99615f5ba4f494f2ae4d47af9acdaa84f679bb344c85ff4d3
openssl096b-0.9.6b-22.46.ia64.rpm	SHA-256: 772b3265b502b5e99615f5ba4f494f2ae4d47af9acdaa84f679bb344c85ff4d3
i386
openssl-0.9.7a-43.14.i386.rpm	SHA-256: bd81202fbe2fb93e99450cf608922cba5662c4326d9fc177ea6f66aefcdcfbab
openssl-0.9.7a-43.14.i386.rpm	SHA-256: bd81202fbe2fb93e99450cf608922cba5662c4326d9fc177ea6f66aefcdcfbab
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-devel-0.9.7a-43.14.i386.rpm	SHA-256: 133af49ef6e153d155a14c140063ec895580d98f4ec59e2c0062690b58967ef7
openssl-devel-0.9.7a-43.14.i386.rpm	SHA-256: 133af49ef6e153d155a14c140063ec895580d98f4ec59e2c0062690b58967ef7
openssl-perl-0.9.7a-43.14.i386.rpm	SHA-256: 7819c40d875a3318d6b9cce768fb08e2c5ba681fa80e5efff072bbc0905ba6ed
openssl-perl-0.9.7a-43.14.i386.rpm	SHA-256: 7819c40d875a3318d6b9cce768fb08e2c5ba681fa80e5efff072bbc0905ba6ed
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.x86_64.rpm	SHA-256: fa3d3f3909ed4e71754e58062a310ff7c6c01ea6b0dc82a5865ac443ebd4545a
openssl-devel-0.9.7a-43.14.x86_64.rpm	SHA-256: 9c45055095f39aaa093af413d8a1d55c50bfdd2269a7cea1011de656af89f2f6
openssl-perl-0.9.7a-43.14.x86_64.rpm	SHA-256: 7725e2a3dd371f334360b012afe8b0761a962e4b3c4ed9aadec6be314d9cfb41
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.x86_64.rpm	SHA-256: facd5632f465e4813100b4fb803487e122446956540968f99480f6bcb9639a83
ia64
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.ia64.rpm	SHA-256: ffea031ff44eeeb79924cc5c70e6c214e29d9e5324317f637f4223b7a9cefb33
openssl-devel-0.9.7a-43.14.ia64.rpm	SHA-256: a8da4668c86d52a16d29c12443adaccd8f313a1bb87855761691ebf9a90602f6
openssl-perl-0.9.7a-43.14.ia64.rpm	SHA-256: f0733289c590446cd5221ff72ca00e7a92c9934d821286224fc6b91ff48b9952
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.ia64.rpm	SHA-256: 772b3265b502b5e99615f5ba4f494f2ae4d47af9acdaa84f679bb344c85ff4d3
i386
openssl-0.9.7a-43.14.i386.rpm	SHA-256: bd81202fbe2fb93e99450cf608922cba5662c4326d9fc177ea6f66aefcdcfbab
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-devel-0.9.7a-43.14.i386.rpm	SHA-256: 133af49ef6e153d155a14c140063ec895580d98f4ec59e2c0062690b58967ef7
openssl-perl-0.9.7a-43.14.i386.rpm	SHA-256: 7819c40d875a3318d6b9cce768fb08e2c5ba681fa80e5efff072bbc0905ba6ed
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-0.9.7a-43.14.x86_64.rpm	SHA-256: fa3d3f3909ed4e71754e58062a310ff7c6c01ea6b0dc82a5865ac443ebd4545a
openssl-devel-0.9.7a-43.14.x86_64.rpm	SHA-256: 9c45055095f39aaa093af413d8a1d55c50bfdd2269a7cea1011de656af89f2f6
openssl-perl-0.9.7a-43.14.x86_64.rpm	SHA-256: 7725e2a3dd371f334360b012afe8b0761a962e4b3c4ed9aadec6be314d9cfb41
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8
openssl096b-0.9.6b-22.46.x86_64.rpm	SHA-256: facd5632f465e4813100b4fb803487e122446956540968f99480f6bcb9639a83
i386
openssl-0.9.7a-43.14.i386.rpm	SHA-256: bd81202fbe2fb93e99450cf608922cba5662c4326d9fc177ea6f66aefcdcfbab
openssl-0.9.7a-43.14.i686.rpm	SHA-256: 5c8269802211d71530cae6cccf0dfdf43f908da0e48fa295f41242d9267d0b04
openssl-devel-0.9.7a-43.14.i386.rpm	SHA-256: 133af49ef6e153d155a14c140063ec895580d98f4ec59e2c0062690b58967ef7
openssl-perl-0.9.7a-43.14.i386.rpm	SHA-256: 7819c40d875a3318d6b9cce768fb08e2c5ba681fa80e5efff072bbc0905ba6ed
openssl096b-0.9.6b-22.46.i386.rpm	SHA-256: fffde1d03c67db36db2a6a39ba7c7845c2c5979c6fd2a327c163edb0de346ba8

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
openssl-0.9.7a-43.14.s390.rpm	SHA-256: 169cbc22b132bd291ecb94a091c813ecef2ef0990a140d2ac353484123a151ef
openssl-0.9.7a-43.14.s390x.rpm	SHA-256: cf210966d7303aff494f32cab7fc99849ccaa50f0b06b0f9707b5015dc76216b
openssl-devel-0.9.7a-43.14.s390x.rpm	SHA-256: 66998f17a4765ee4e7b33ef37750e7a3cde1793a10bd68841f77ba7ca8835b5a
openssl-perl-0.9.7a-43.14.s390x.rpm	SHA-256: 9cc64294010f0e641b8bdae4007f8331052f4e015594c44432d17e43dd7ecf5c
openssl096b-0.9.6b-22.46.s390.rpm	SHA-256: 9519247f7990e7b68b6e2c896f3f0ce76a08633341d9341c0b2b3de261eb1381
s390
openssl-0.9.7a-43.14.s390.rpm	SHA-256: 169cbc22b132bd291ecb94a091c813ecef2ef0990a140d2ac353484123a151ef
openssl-devel-0.9.7a-43.14.s390.rpm	SHA-256: 9558f1360d92e63c9260f96db2b029e8a39cdd7d6e58eb0ec93db080f30f8aba
openssl-perl-0.9.7a-43.14.s390.rpm	SHA-256: 211c6bcfb14e9649c17560db8cb3d95a2985061bf94fea224eb58afb726b12eb
openssl096b-0.9.6b-22.46.s390.rpm	SHA-256: 9519247f7990e7b68b6e2c896f3f0ce76a08633341d9341c0b2b3de261eb1381

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
openssl-0.9.7a-43.14.ppc.rpm	SHA-256: 8252f6c7d39cbcb6eb534f896656fca1a70f88b09276fbe1d0336a70ea3b218b
openssl-0.9.7a-43.14.ppc64.rpm	SHA-256: c92c7e9e974d33778bc8174a2458a4d18c9586a5c6cbf5fa3f286fcc5900cf92
openssl-devel-0.9.7a-43.14.ppc.rpm	SHA-256: f135161c62181cdaac0e7f8a6d410d60881bb5bc21fb97e7c19e33e46fc05509
openssl-perl-0.9.7a-43.14.ppc.rpm	SHA-256: b5bae14d84c9c22ee6a99c38663fb22310aaeabfe5c9dabd61fdd1e3af01d125
openssl096b-0.9.6b-22.46.ppc.rpm	SHA-256: bbda957c73864373c722694b59d7d6feb62f6eab68b32e00dd8c6547c6401da6

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.