Issued:
2007-11-15
Updated:
2007-11-15

RHSA-2007:1003 - Security Advisory

Synopsis

Moderate: openssl security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated OpenSSL packages that correct a security issue and various bugs are
now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, and is also a
full-strength general-purpose cryptography library.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer by a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being used
on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches to
mitigate these issues. (CVE-2007-3108)

As well, these updated packages fix the following bugs:

  • multithreaded applications could cause a segmentation fault or deadlock

when calling the random number generator initialization (RAND_poll) in the
OpenSSL library, for a large number of threads simultaneously.

  • in certain circumstances, if an application using the OpenSSL library

reused the SSL session cache for multiple purposes (with various parameters
of the SSL protocol), the session parameters could be mismatched.

  • a segmentation fault could occur when a corrupted pkcs12 file was being

loaded using the "openssl pkcs12 -in [pkcs12-file]" command, where
[pkcs12-file] is the pkcs12 file.

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 236164 - openssl RAND_poll segfault when fd >= FD_SETSIZE (affects apache2 startup with many SSL vhosts)
  • BZ - 245083 - openssl crashes on pkcs12 file
  • BZ - 245732 - CVE-2007-3108 RSA side-channel attack
  • BZ - 250573 - CVE-NONE openssl branch prediction attacks
  • BZ - 309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one

Red Hat Enterprise Linux Server 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
x86_64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
ia64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: f69f09c760c18e43424e0ac7b22245a3f53ae72d3e5d0f87312c8b3798587179
openssl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: f69f09c760c18e43424e0ac7b22245a3f53ae72d3e5d0f87312c8b3798587179
openssl-devel-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 77b45c9342c6057fdec601b903560d3dc485e572b9fb79d7f99b6b24e80c1844
openssl-devel-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 77b45c9342c6057fdec601b903560d3dc485e572b9fb79d7f99b6b24e80c1844
openssl-perl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 4621eb8d0e81dc050b4e514324f66dc5c92b52c8e036f3a815eddcee2574aaa8
openssl-perl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 4621eb8d0e81dc050b4e514324f66dc5c92b52c8e036f3a815eddcee2574aaa8
i386
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92

Red Hat Enterprise Linux Workstation 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
x86_64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
ia64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: f69f09c760c18e43424e0ac7b22245a3f53ae72d3e5d0f87312c8b3798587179
openssl-devel-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 77b45c9342c6057fdec601b903560d3dc485e572b9fb79d7f99b6b24e80c1844
openssl-perl-0.9.7a-43.17.el4_6.1.ia64.rpm SHA-256: 4621eb8d0e81dc050b4e514324f66dc5c92b52c8e036f3a815eddcee2574aaa8
i386
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92

Red Hat Enterprise Linux Desktop 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
x86_64
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 095be2a43ba95c05ddba19dc89e8878b01df2a23f30729c1c41556f35e473a56
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-devel-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 07ff7ad32e00ff7ae081025a5cc37da96d7f012fcbe3433994e8b159beb77645
openssl-perl-0.9.7a-43.17.el4_6.1.x86_64.rpm SHA-256: 929048c42491af052f90c59ef70b316cc4a2249273c614f15626a9b1b8d4d700
i386
openssl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: de894e0f74211af27ab707b0a07e2a138db63ed9b4446ba6240eef8415bda619
openssl-0.9.7a-43.17.el4_6.1.i686.rpm SHA-256: 117ab4d52ec308688c061eaf633213098fb72eeb350e73672e0e567b472d4d2b
openssl-devel-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: fbf4034ce647e05261d632d952c870a75d103d4486f6afa38f0b2c6d675117ed
openssl-perl-0.9.7a-43.17.el4_6.1.i386.rpm SHA-256: 66ac955ea996fc472f3a505652b6640fafb7f506dfe4e25876e9673dc9454d92

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
s390x
openssl-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: 3971fd836ffcc173153a78bb0412fa2ad16301d91f418b436b134e7c5548c491
openssl-0.9.7a-43.17.el4_6.1.s390x.rpm SHA-256: 5af13e0d642949e32d2377981dbe5e18e4058e2a63c823a6e2dc7c4af26bacd9
openssl-devel-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: f189f79892b402bed8d2268df7271917de83096efaab21b3c4ed3612016b0eb7
openssl-devel-0.9.7a-43.17.el4_6.1.s390x.rpm SHA-256: 0884e2dc2861f1710db29939fe64a474e84b0cd0101aefd5796e593ae890b142
openssl-perl-0.9.7a-43.17.el4_6.1.s390x.rpm SHA-256: 1c10e3402b4b9510a41813f50cc2f4f161a873779a3f559f14421a30baa88b0d
s390
openssl-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: 3971fd836ffcc173153a78bb0412fa2ad16301d91f418b436b134e7c5548c491
openssl-devel-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: f189f79892b402bed8d2268df7271917de83096efaab21b3c4ed3612016b0eb7
openssl-perl-0.9.7a-43.17.el4_6.1.s390.rpm SHA-256: 5ea6a6c2b374738bd7ab0594a1ee7cf5b543d215aeb4206a15ba95f75fbf98c1

Red Hat Enterprise Linux for Power, big endian 4

SRPM
openssl-0.9.7a-43.17.el4_6.1.src.rpm SHA-256: 273774194007a763df6bfe391619343d0272bc8247d27d88d9044542f6fb7a94
ppc
openssl-0.9.7a-43.17.el4_6.1.ppc.rpm SHA-256: 92c7398b907cd2caaaedf200697fddd48491f1ce76d1268a086341f0b3cfea63
openssl-0.9.7a-43.17.el4_6.1.ppc64.rpm SHA-256: ae939a146e74689a8ca62273d5aed18a0fbda0b1190633c97d6bef80fcc7d08b
openssl-devel-0.9.7a-43.17.el4_6.1.ppc.rpm SHA-256: 31c6939c6fce4a7fc95b74996f67fcf700058c4a218995dc693bb3e516617f20
openssl-devel-0.9.7a-43.17.el4_6.1.ppc64.rpm SHA-256: d9e8b128ed0f6ca28d18f95879ecb96e920bec9fc391ea4ec595b9d331e4ecf8
openssl-perl-0.9.7a-43.17.el4_6.1.ppc.rpm SHA-256: 2d71697f3f8bf83a00cca0ad653edb52b93a6e784d18103b7a12e8db016092da

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.