Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2014:1053 - Security Advisory
Issued:
2014-08-13
Updated:
2014-08-13

RHSA-2014:1053 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openssl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,
CVE-2014-3505, CVE-2014-3506)

A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original
reporter of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
  • BZ - 1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions
  • BZ - 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free
  • BZ - 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion
  • BZ - 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service

CVEs

  • CVE-2014-0221
  • CVE-2014-3506
  • CVE-2014-3510
  • CVE-2014-3508
  • CVE-2014-3505

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://www.openssl.org/news/secadv_20140605.txt
  • https://www.openssl.org/news/secadv_20140806.txt
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openssl-0.9.8e-27.el5_10.4.src.rpm SHA-256: e405b6393521f1cd6fbbe8fec3b8bc6e9a3e1d72a87000381d817e90a1447a6d
x86_64
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 7c1a2be8151c2c920f01f74dcff3bd0e5271a005cdeb5d9b8e2cf0ff277b724d
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: d1c152e00ef4c783fcf5171bfb462273b0b87309fbf632ddc19a3db8ac6b6923
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm SHA-256: d0915271bc1c284c78a3c980c84216f13bad5ae5d73ee5cdf074367a7f0003a3
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 489d679de457fd6791800e33537be9917e5a258ec8dcb044e6e5b1b112bb3797
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 657886d3ad3fa3fb61fd9566b7f0273249c9a3a64841f7e3057a2ddcc44fb878
ia64
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-0.9.8e-27.el5_10.4.ia64.rpm SHA-256: 2ea40682a2492a3b3ad7d29a37b8f122f122f5da505d7bec2c12fe5cc7f934a1
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm SHA-256: 64f99d90fd0056c8c61d878ef7376d66c2e34471221818865862ad8400e40d4b
openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm SHA-256: 0b0f1795699148da2a42147e3c1b10d8ee98bc9d409c049a413c171f3cc30855
openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm SHA-256: beac22ecbd64a5df98287a872330446b7324fe6bcdcc48d1431447b56fed9f1d
i386
openssl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: a8e731f63dbf3a6f2bbee5df773b8abee0e6e6c9982661ed7d9808dbaa495746
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm SHA-256: d0915271bc1c284c78a3c980c84216f13bad5ae5d73ee5cdf074367a7f0003a3
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 39bc40297c867a42337abd4e6054ca5ac77677907412c5bab1f308487f750b03

Red Hat Enterprise Linux Workstation 5

SRPM
openssl-0.9.8e-27.el5_10.4.src.rpm SHA-256: e405b6393521f1cd6fbbe8fec3b8bc6e9a3e1d72a87000381d817e90a1447a6d
x86_64
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 7c1a2be8151c2c920f01f74dcff3bd0e5271a005cdeb5d9b8e2cf0ff277b724d
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: d1c152e00ef4c783fcf5171bfb462273b0b87309fbf632ddc19a3db8ac6b6923
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: d1c152e00ef4c783fcf5171bfb462273b0b87309fbf632ddc19a3db8ac6b6923
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm SHA-256: d0915271bc1c284c78a3c980c84216f13bad5ae5d73ee5cdf074367a7f0003a3
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 489d679de457fd6791800e33537be9917e5a258ec8dcb044e6e5b1b112bb3797
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 657886d3ad3fa3fb61fd9566b7f0273249c9a3a64841f7e3057a2ddcc44fb878
i386
openssl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: a8e731f63dbf3a6f2bbee5df773b8abee0e6e6c9982661ed7d9808dbaa495746
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm SHA-256: d0915271bc1c284c78a3c980c84216f13bad5ae5d73ee5cdf074367a7f0003a3
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 39bc40297c867a42337abd4e6054ca5ac77677907412c5bab1f308487f750b03

Red Hat Enterprise Linux Desktop 5

SRPM
openssl-0.9.8e-27.el5_10.4.src.rpm SHA-256: e405b6393521f1cd6fbbe8fec3b8bc6e9a3e1d72a87000381d817e90a1447a6d
x86_64
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 7c1a2be8151c2c920f01f74dcff3bd0e5271a005cdeb5d9b8e2cf0ff277b724d
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: d1c152e00ef4c783fcf5171bfb462273b0b87309fbf632ddc19a3db8ac6b6923
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 657886d3ad3fa3fb61fd9566b7f0273249c9a3a64841f7e3057a2ddcc44fb878
i386
openssl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: a8e731f63dbf3a6f2bbee5df773b8abee0e6e6c9982661ed7d9808dbaa495746
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 39bc40297c867a42337abd4e6054ca5ac77677907412c5bab1f308487f750b03

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssl-0.9.8e-27.el5_10.4.src.rpm SHA-256: e405b6393521f1cd6fbbe8fec3b8bc6e9a3e1d72a87000381d817e90a1447a6d
s390x
openssl-0.9.8e-27.el5_10.4.s390.rpm SHA-256: e48ccf439e2a5b9b4cb5b3a5cd46fbcd0c7f6f2e215ececb71998275f634d903
openssl-0.9.8e-27.el5_10.4.s390x.rpm SHA-256: 7d33daae5e3c15f8ca24f4d5368a97d33474cf20dfea6ee188c7da2f1c2f1dc3
openssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm SHA-256: 3b0fc70408aa763df249865fb342652c02733a225121579de6f0621c7cc56cc4
openssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm SHA-256: 71ebebfd4eba56e2b53077aec6f2c0d63c7a0f8e64bc4f9ffd6938edaeab3818
openssl-devel-0.9.8e-27.el5_10.4.s390.rpm SHA-256: dd1e53c844472d0b65f366d1e54ac36f460c5b114d3a54379f62f0a7c801e415
openssl-devel-0.9.8e-27.el5_10.4.s390x.rpm SHA-256: 3a3485f51a943277f3c971bb7e758be9421fb7f97f626d18d85a31822697146e
openssl-perl-0.9.8e-27.el5_10.4.s390x.rpm SHA-256: 563ba9c5a69d94942e67eeee5c3a33dce9edd23424e11a37aa863e9750c92544

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssl-0.9.8e-27.el5_10.4.src.rpm SHA-256: e405b6393521f1cd6fbbe8fec3b8bc6e9a3e1d72a87000381d817e90a1447a6d
ppc
openssl-0.9.8e-27.el5_10.4.ppc.rpm SHA-256: 4b3550a5f0ddd564bac2ee430faa858e49406c453f90966fe1ae2906cc7e4c38
openssl-0.9.8e-27.el5_10.4.ppc64.rpm SHA-256: 43767d9f4bd741b433e1b891b428bd31052525475abecfba4e9ef80a9fab8731
openssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm SHA-256: 5977455038aa33589677afe32a987630ba97ddf3020eca4500c9fb568f3687fa
openssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm SHA-256: baccc14bb9e09e4ec950a42bf274464a4ed1460651dbf9a26c82dfbf94640213
openssl-devel-0.9.8e-27.el5_10.4.ppc.rpm SHA-256: 0886679057511580f91188f331b78281991ec53d75485f372cb13aa18534a9fd
openssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm SHA-256: 233aae184c7da85ac9f53ab1d95d6c49dfaf52728960697a253a2cabf1bdcd29
openssl-perl-0.9.8e-27.el5_10.4.ppc.rpm SHA-256: f210a17be2d53fdff7167a1a0f32d23a0275c790a0659c039516c9dbb8cb31c1

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssl-0.9.8e-27.el5_10.4.src.rpm SHA-256: e405b6393521f1cd6fbbe8fec3b8bc6e9a3e1d72a87000381d817e90a1447a6d
x86_64
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 7c1a2be8151c2c920f01f74dcff3bd0e5271a005cdeb5d9b8e2cf0ff277b724d
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: d1c152e00ef4c783fcf5171bfb462273b0b87309fbf632ddc19a3db8ac6b6923
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm SHA-256: d0915271bc1c284c78a3c980c84216f13bad5ae5d73ee5cdf074367a7f0003a3
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 489d679de457fd6791800e33537be9917e5a258ec8dcb044e6e5b1b112bb3797
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm SHA-256: 657886d3ad3fa3fb61fd9566b7f0273249c9a3a64841f7e3057a2ddcc44fb878
i386
openssl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: a8e731f63dbf3a6f2bbee5df773b8abee0e6e6c9982661ed7d9808dbaa495746
openssl-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 2f80dcda308e07bc4c54bada694f47d6335f7079d194442ece58a28522e23743
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 91bc6d081a321d0b6a7258fb1209fe63800195d336468012052a54d4de5b6df8
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm SHA-256: 3ccb1357d2d0fec897c2aadfe814e372ccd5186d90bb12b8081226bb2429b352
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm SHA-256: d0915271bc1c284c78a3c980c84216f13bad5ae5d73ee5cdf074367a7f0003a3
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm SHA-256: 39bc40297c867a42337abd4e6054ca5ac77677907412c5bab1f308487f750b03

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility