Red Hat Product Errata RHSA-2010:0978 - Security Advisory
Issued:
2010-12-13
Updated:
2010-12-13

Synopsis

Moderate: openssl security update

Type/Severity

Security Advisory: Moderate

Topic

Updated openssl packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.
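
The following is an added example, not part of Red Hat's advisory: one way to find the services that still need the restart described above is to look for processes that map a libssl or libcrypto file that has been replaced on disk, which the kernel marks "(deleted)" in /proc/PID/maps. The function name `stale_openssl_pids` and its optional `proc_root` argument are hypothetical; the process name is read from /proc/PID/status.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map an
# OpenSSL shared library whose file was replaced by the package update.
# Such mappings carry a "(deleted)" suffix in /proc/PID/maps until the
# process is restarted, so it keeps running the unpatched code.

# stale_openssl_pids [proc_root]
#   proc_root defaults to /proc; it is a parameter (an assumption of this
#   example) so the function can be run against a constructed directory tree.
#   Prints one "PID NAME" line per affected process.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip entries we cannot read (other users' processes, exited PIDs).
        [ -r "$maps" ] || continue
        # Match libssl/libcrypto mappings whose backing file is gone.
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            # The "Name:" line of status holds the short process name.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null) || name=
            [ -n "$name" ] || name='?'
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system when run directly (as root, to see every process).
stale_openssl_pids "$@"
```

An empty result after the update means no running process readable by the caller still uses the old library; any PID listed belongs to a service that has not yet been restarted.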

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
  • BZ - 660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

CVEs

  • CVE-2010-4180
  • CVE-2008-7270

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openssl-0.9.8e-12.el5_5.7.src.rpm SHA-256: f14c0d5cbd957ca62f0def77511ba3724aec9851e746610a3c02f793f3396b56
x86_64
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 268c3eeb27cc61cc61a30c8533006b9db07bc776d7809998ae649433a3c7b468
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 63161798986f72966287a945caec2424f2559bf187dd6287a2ee43457d5679d5
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 5479e9fafa8fc17f1dd62a942977eb547f757b01d0cbb116a2e2b82368081551
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: aa758e46b31c4545a8084f2d101c5d86b3cf10eba78d5ccaa868e1ebaa0d96d5
ia64
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-0.9.8e-12.el5_5.7.ia64.rpm SHA-256: 1d8fe85886fdcc7896832229d0fcce0d0a2c7398b11385ce8d33458a66f72aa1
openssl-devel-0.9.8e-12.el5_5.7.ia64.rpm SHA-256: 1615556b6c289cbe2d620dbccb1bf254192028b6d6eb9ae0334128a88c35995f
openssl-perl-0.9.8e-12.el5_5.7.ia64.rpm SHA-256: 7aeddd2f35b8a72f5b177fc80b636de97d771a56af5b024f8bf23aec7aa27d6d
i386
openssl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: bb664e21cd5a6bb4f9b34a2dc533e04f9fc1b835020788d6be6969f6fc93a71b
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 63161798986f72966287a945caec2424f2559bf187dd6287a2ee43457d5679d5
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 74decbd2491182259c8050dfbf304d7363267d315b9565de6caf753200db5973

Red Hat Enterprise Linux Workstation 5

SRPM
openssl-0.9.8e-12.el5_5.7.src.rpm SHA-256: f14c0d5cbd957ca62f0def77511ba3724aec9851e746610a3c02f793f3396b56
x86_64
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 268c3eeb27cc61cc61a30c8533006b9db07bc776d7809998ae649433a3c7b468
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 63161798986f72966287a945caec2424f2559bf187dd6287a2ee43457d5679d5
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 5479e9fafa8fc17f1dd62a942977eb547f757b01d0cbb116a2e2b82368081551
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: aa758e46b31c4545a8084f2d101c5d86b3cf10eba78d5ccaa868e1ebaa0d96d5
i386
openssl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: bb664e21cd5a6bb4f9b34a2dc533e04f9fc1b835020788d6be6969f6fc93a71b
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 63161798986f72966287a945caec2424f2559bf187dd6287a2ee43457d5679d5
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 74decbd2491182259c8050dfbf304d7363267d315b9565de6caf753200db5973

Red Hat Enterprise Linux Desktop 5

SRPM
openssl-0.9.8e-12.el5_5.7.src.rpm SHA-256: f14c0d5cbd957ca62f0def77511ba3724aec9851e746610a3c02f793f3396b56
x86_64
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 268c3eeb27cc61cc61a30c8533006b9db07bc776d7809998ae649433a3c7b468
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: aa758e46b31c4545a8084f2d101c5d86b3cf10eba78d5ccaa868e1ebaa0d96d5
i386
openssl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: bb664e21cd5a6bb4f9b34a2dc533e04f9fc1b835020788d6be6969f6fc93a71b
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 74decbd2491182259c8050dfbf304d7363267d315b9565de6caf753200db5973

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssl-0.9.8e-12.el5_5.7.src.rpm SHA-256: f14c0d5cbd957ca62f0def77511ba3724aec9851e746610a3c02f793f3396b56
s390x
openssl-0.9.8e-12.el5_5.7.s390.rpm SHA-256: 5b5021612708f1d5a1a81da7fa353af0ab4b75cf8ff05a212e2959fefa42f2b0
openssl-0.9.8e-12.el5_5.7.s390x.rpm SHA-256: 306aaf131cb8478ccb2ba4fab5f3c98f5c801e769a0b5d4dff47e6c39d2157f0
openssl-devel-0.9.8e-12.el5_5.7.s390.rpm SHA-256: 76729d7d36485c7c4c29c107c2d7fba77fb907e77afe5fe25a8df4067416c07e
openssl-devel-0.9.8e-12.el5_5.7.s390x.rpm SHA-256: fb80857946c6e69279424d799268f7cea9654af310ea025f26e5fdbee0f40146
openssl-perl-0.9.8e-12.el5_5.7.s390x.rpm SHA-256: b5accd2a0732d69aff47f43d09cec37ba9250765075bead72191816458e4bfee

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssl-0.9.8e-12.el5_5.7.src.rpm SHA-256: f14c0d5cbd957ca62f0def77511ba3724aec9851e746610a3c02f793f3396b56
ppc
openssl-0.9.8e-12.el5_5.7.ppc.rpm SHA-256: 7a3d5bcfb29cf229e93863478275d8532b3c5e5f5ad3d1fae025f991bf3b686b
openssl-0.9.8e-12.el5_5.7.ppc64.rpm SHA-256: e11f1f0789f232190596d79329fa81ecbb868477030a8418c882643a374cd443
openssl-devel-0.9.8e-12.el5_5.7.ppc.rpm SHA-256: 0ca81626625d8dc978ed0357f18b166ec82109106bc52f9d8a2c3d19de36ce61
openssl-devel-0.9.8e-12.el5_5.7.ppc64.rpm SHA-256: 225a2ffb6eb944134c6caede9dbfd5646f45a09cab34aa11b1f9768053bbc8ca
openssl-perl-0.9.8e-12.el5_5.7.ppc.rpm SHA-256: 313eb2724f59c343f95792e5811288058fc58e5992521ec4771e23c22e0972ac

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssl-0.9.8e-12.el5_5.7.src.rpm SHA-256: f14c0d5cbd957ca62f0def77511ba3724aec9851e746610a3c02f793f3396b56
x86_64
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 268c3eeb27cc61cc61a30c8533006b9db07bc776d7809998ae649433a3c7b468
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 63161798986f72966287a945caec2424f2559bf187dd6287a2ee43457d5679d5
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: 5479e9fafa8fc17f1dd62a942977eb547f757b01d0cbb116a2e2b82368081551
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm SHA-256: aa758e46b31c4545a8084f2d101c5d86b3cf10eba78d5ccaa868e1ebaa0d96d5
i386
openssl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: bb664e21cd5a6bb4f9b34a2dc533e04f9fc1b835020788d6be6969f6fc93a71b
openssl-0.9.8e-12.el5_5.7.i686.rpm SHA-256: def1ea8f1f2300d658d960d682c0ec7b790ecf5353058e8b6045bfe72e2a8ce9
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 63161798986f72966287a945caec2424f2559bf187dd6287a2ee43457d5679d5
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm SHA-256: 74decbd2491182259c8050dfbf304d7363267d315b9565de6caf753200db5973

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
