Red Hat Product Errata RHSA-2007:1003 - Security Advisory
Issued: 2007-11-15
Updated: 2007-11-15

Synopsis

Moderate: openssl security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated OpenSSL packages that correct a security issue and various bugs are
now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, and is also a
full-strength general-purpose cryptography library.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer by a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being used
on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches to
mitigate these issues. (CVE-2007-3108)

As well, these updated packages fix the following bugs:

  • multithreaded applications could cause a segmentation fault or deadlock
    when calling the random number generator initialization (RAND_poll) in the
    OpenSSL library, for a large number of threads simultaneously.

  • in certain circumstances, if an application using the OpenSSL library
    reused the SSL session cache for multiple purposes (with various parameters
    of the SSL protocol), the session parameters could be mismatched.

  • a segmentation fault could occur when a corrupted pkcs12 file was being
    loaded using the "openssl pkcs12 -in [pkcs12-file]" command, where
    [pkcs12-file] is the pkcs12 file.

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.
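
The restart matters because a running process keeps the old library mapped after the package is replaced. The following added example (not part of the advisory) finds such processes by looking for unlinked libssl or libcrypto files in `/proc/<pid>/maps`; the sample map lines, PIDs and library paths are constructed, and the function names are illustrative.

```python
import os
import re

# A maps line whose backing file is an unlinked libssl or libcrypto object.
_STALE = re.compile(r"(/\S*lib(?:ssl|crypto)\.so\S*) \(deleted\)$")

def stale_openssl_maps(maps_text):
    """Return sorted unique paths of deleted OpenSSL libraries still mapped."""
    found = set()
    for line in maps_text.splitlines():
        match = _STALE.search(line.rstrip())
        if match:
            found.add(match.group(1))
    return sorted(found)

def processes_needing_restart(maps_by_pid):
    """Return {pid: [stale library paths]} for processes that need a restart."""
    result = {}
    for pid, text in maps_by_pid.items():
        stale = stale_openssl_maps(text)
        if stale:
            result[pid] = stale
    return result

def read_live_maps(proc="/proc"):
    """Collect maps for every readable process on the local host."""
    maps = {}
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                with open(os.path.join(proc, entry, "maps")) as handle:
                    maps[int(entry)] = handle.read()
            except OSError:
                continue  # process exited, or not readable without root
    return maps

# Constructed sample: PID 2210 started before the update, PID 3054 after it.
SAMPLE_MAPS = {
    2210: "00a3c000-00a6e000 r-xp 00000000 08:02 131093 /lib/libssl.so.0.9.7a (deleted)\n"
          "00b10000-00c0f000 r-xp 00000000 08:02 131090 /lib/libcrypto.so.0.9.7a (deleted)\n",
    3054: "00a3c000-00a6e000 r-xp 00000000 08:02 140021 /lib/libssl.so.0.9.7a\n",
}

if __name__ == "__main__":
    for pid, libs in sorted(processes_needing_restart(read_live_maps()).items()):
        print(pid, ", ".join(libs))
```

Run it as root after the update so that every process's maps file is readable; an empty result means no running process still maps the replaced libraries.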

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
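
To confirm that the update took effect on every installed architecture, the check below compares installed builds against the fixed build named in this advisory's package list, 0.9.7a-43.17.el4_6.1. It is an added example, not Red Hat code: the comparison is a simplified version of RPM's ordering, an epoch of 0 is assumed, and the sample output (including the older release 43.16) is constructed.

```python
import re

# Fixed build from this advisory's package list; epoch 0 is an assumption.
FIXED_EVR = (0, "0.9.7a", "43.17.el4_6.1")
PACKAGES = {"openssl", "openssl-devel", "openssl-perl"}

def _segments(text):
    """Split a version or release string into digit runs and letter runs."""
    return re.findall(r"[0-9]+|[A-Za-z]+", text)

def rpmvercmp(a, b):
    """Simplified RPM ordering for one field: -1, 0 or 1 (no '~' or '^')."""
    seg_a, seg_b = _segments(a), _segments(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # digit runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a digit run beats a letter run
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare two (epoch, version, release) tuples."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def unpatched(query_output):
    """Return (name, arch, 'version-release') for builds older than FIXED_EVR.

    Input lines come from:
    rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\\n' openssl ...
    """
    stale = []
    for line in query_output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in PACKAGES:
            continue
        name, epoch, version, release, arch = fields
        epoch = 0 if epoch == "(none)" else int(epoch)
        if evr_cmp((epoch, version, release), FIXED_EVR) < 0:
            stale.append((name, arch, f"{version}-{release}"))
    return stale

# Constructed sample from a multilib host where the i686 build was missed.
SAMPLE = """\
openssl (none) 0.9.7a 43.17.el4_6.1 x86_64
openssl (none) 0.9.7a 43.16 i686
openssl-devel (none) 0.9.7a 43.17.el4_6.1 x86_64
"""
```

On multilib systems the 32-bit and 64-bit packages are installed side by side, so each architecture is checked separately.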

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 236164 - openssl RAND_poll segfault when fd >= FD_SETSIZE (affects apache2 startup with many SSL vhosts)
  • BZ - 245083 - openssl crashes on pkcs12 file
  • BZ - 245732 - CVE-2007-3108 RSA side-channel attack
  • BZ - 250573 - CVE-NONE openssl branch prediction attacks
  • BZ - 309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one

CVEs

  • CVE-2007-3108
  • CVE-2007-5135

References

  • http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
x86_64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
ia64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: f69f09c760c18e43424e0ac7b22245a3f53ae72d3e5d0f87312c8b3798587179
openssl-devel-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 77b45c9342c6057fdec601b903560d3dc485e572b9fb79d7f99b6b24e80c1844
openssl-perl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 4621eb8d0e81dc050b4e514324f66dc5c92b52c8e036f3a815eddcee2574aaa8
i386
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92

Red Hat Enterprise Linux Workstation 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
x86_64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
ia64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: f69f09c760c18e43424e0ac7b22245a3f53ae72d3e5d0f87312c8b3798587179
openssl-devel-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 77b45c9342c6057fdec601b903560d3dc485e572b9fb79d7f99b6b24e80c1844
openssl-perl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 4621eb8d0e81dc050b4e514324f66dc5c92b52c8e036f3a815eddcee2574aaa8
i386
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92

Red Hat Enterprise Linux Desktop 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
x86_64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
i386
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
s390x
openssl-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: 3971fd836ffcc173153a78bb0412fa2ad16301d91f418b436b134e7c5548c491
openssl-0.9.7a-43.17.el4_6.1.s390x.rpm SHA-256: 5af13e0d642949e32d2377981dbe5e18e4058e2a63c823a6e2dc7c4af26bacd9
openssl-devel-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: f189f79892b402bed8d2268df7271917de83096efaab21b3c4ed3612016b0eb7
openssl-devel-0.9.7a-43.17.el4_6.1.s390x.rpm SHA-256: 0884e2dc2861f1710db29939fe64a474e84b0cd0101aefd5796e593ae890b142
openssl-perl-0.9.7a-43.17.el4_6.1.s390x.rpm SHA-256: 1c10e3402b4b9510a41813f50cc2f4f161a873779a3f559f14421a30baa88b0d
s390
openssl-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: 3971fd836ffcc173153a78bb0412fa2ad16301d91f418b436b134e7c5548c491
openssl-devel-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: f189f79892b402bed8d2268df7271917de83096efaab21b3c4ed3612016b0eb7
openssl-perl-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: 5ea6a6c2b374738bd7ab0594a1ee7cf5b543d215aeb4206a15ba95f75fbf98c1

Red Hat Enterprise Linux for Power, big endian 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
ppc
openssl-0.9.7a-43.17.el4_6.1.ppc.rpm SHA-256: 92c7398b907cd2caaaedf200697fddd48491f1ce76d1268a086341f0b3cfea63
openssl-0.9.7a-43.17.el4_6.1.ppc64.rpm SHA-256: ae939a146e74689a8ca62273d5aed18a0fbda0b1190633c97d6bef80fcc7d08b
openssl-devel-0.9.7a-43.17.el4_6.1.ppc.rpm SHA-256: 31c6939c6fce4a7fc95b74996f67fcf700058c4a218995dc693bb3e516617f20
openssl-devel-0.9.7a-43.17.el4_6.1.ppc64.rpm SHA-256: d9e8b128ed0f6ca28d18f95879ecb96e920bec9fc391ea4ec595b9d331e4ecf8
openssl-perl-0.9.7a-43.17.el4_6.1.ppc.rpm SHA-256: 2d71697f3f8bf83a00cca0ad653edb52b93a6e784d18103b7a12e8db016092da

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
