Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2015:2616 - Security Advisory
Issued:
2015-12-14
Updated:
2015-12-14

RHSA-2015:2616 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openssl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssl packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and
CMS data. A remote attacker could use this flaw to cause an application
that parses PKCS#7 or CMS data from untrusted sources to use an excessive
amount of memory and possibly crash. (CVE-2015-3195)

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak

CVEs

  • CVE-2015-3195

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://openssl.org/news/secadv/20151203.txt
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openssl-0.9.8e-37.el5_11.src.rpm SHA-256: 71d9f2658e6894e4bee3d986f4db94f7ae9bd1e546430304a931a37f42efea5e
x86_64
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 569594cb7cd24a40788261e167f98991664f490732d255b2042d41027484c40b
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-debuginfo-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 9494b1122f5a276c71ef17c3c3f683d6d08f006f416808486a5e30d2ac684b0f
openssl-devel-0.9.8e-37.el5_11.i386.rpm SHA-256: 7bffa76d3d72f53267280433ee566d36904879eb4b9cedc2ce912b8e06e2e871
openssl-devel-0.9.8e-37.el5_11.x86_64.rpm SHA-256: b79b8a7d56bcf7411062778e2e6488bdd2f704ccdd706dd033cfd9b61d750926
openssl-perl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: e531a27a6fa6fb04be24d8e4ffd5ec370db1378d2e47923e164be5b9e6ff2962
ia64
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-0.9.8e-37.el5_11.ia64.rpm SHA-256: 3d9072af9f85218bd6f2ca1a973720dd809be5a22af48995c5736ad29ba7dea2
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-debuginfo-0.9.8e-37.el5_11.ia64.rpm SHA-256: 0ec10fd7f750d626fb23336b89c2ce6d9b6a7488d81712eb3d207593edd27fd9
openssl-devel-0.9.8e-37.el5_11.ia64.rpm SHA-256: 7851d12d0f3d5d5e673301bc2b95591ff58328468c6bf9f0eaa72394f620929d
openssl-perl-0.9.8e-37.el5_11.ia64.rpm SHA-256: dcab7fb837311246812cecc2a325866f7e531b21a19f30c1cb86c10c33ccb53e
i386
openssl-0.9.8e-37.el5_11.i386.rpm SHA-256: 471ba4e8870b148370696fe8e9712f93681274269ef884ef1e4dab685b330881
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-devel-0.9.8e-37.el5_11.i386.rpm SHA-256: 7bffa76d3d72f53267280433ee566d36904879eb4b9cedc2ce912b8e06e2e871
openssl-perl-0.9.8e-37.el5_11.i386.rpm SHA-256: 8b6c5e1c09571bcfe0eafc626c16c030b4a3f9da5f3df6d581f20b9760374b79

Red Hat Enterprise Linux Workstation 5

SRPM
openssl-0.9.8e-37.el5_11.src.rpm SHA-256: 71d9f2658e6894e4bee3d986f4db94f7ae9bd1e546430304a931a37f42efea5e
x86_64
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 569594cb7cd24a40788261e167f98991664f490732d255b2042d41027484c40b
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-debuginfo-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 9494b1122f5a276c71ef17c3c3f683d6d08f006f416808486a5e30d2ac684b0f
openssl-debuginfo-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 9494b1122f5a276c71ef17c3c3f683d6d08f006f416808486a5e30d2ac684b0f
openssl-devel-0.9.8e-37.el5_11.i386.rpm SHA-256: 7bffa76d3d72f53267280433ee566d36904879eb4b9cedc2ce912b8e06e2e871
openssl-devel-0.9.8e-37.el5_11.x86_64.rpm SHA-256: b79b8a7d56bcf7411062778e2e6488bdd2f704ccdd706dd033cfd9b61d750926
openssl-perl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: e531a27a6fa6fb04be24d8e4ffd5ec370db1378d2e47923e164be5b9e6ff2962
i386
openssl-0.9.8e-37.el5_11.i386.rpm SHA-256: 471ba4e8870b148370696fe8e9712f93681274269ef884ef1e4dab685b330881
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-devel-0.9.8e-37.el5_11.i386.rpm SHA-256: 7bffa76d3d72f53267280433ee566d36904879eb4b9cedc2ce912b8e06e2e871
openssl-perl-0.9.8e-37.el5_11.i386.rpm SHA-256: 8b6c5e1c09571bcfe0eafc626c16c030b4a3f9da5f3df6d581f20b9760374b79

Red Hat Enterprise Linux Desktop 5

SRPM
openssl-0.9.8e-37.el5_11.src.rpm SHA-256: 71d9f2658e6894e4bee3d986f4db94f7ae9bd1e546430304a931a37f42efea5e
x86_64
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 569594cb7cd24a40788261e167f98991664f490732d255b2042d41027484c40b
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-debuginfo-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 9494b1122f5a276c71ef17c3c3f683d6d08f006f416808486a5e30d2ac684b0f
openssl-perl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: e531a27a6fa6fb04be24d8e4ffd5ec370db1378d2e47923e164be5b9e6ff2962
i386
openssl-0.9.8e-37.el5_11.i386.rpm SHA-256: 471ba4e8870b148370696fe8e9712f93681274269ef884ef1e4dab685b330881
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-perl-0.9.8e-37.el5_11.i386.rpm SHA-256: 8b6c5e1c09571bcfe0eafc626c16c030b4a3f9da5f3df6d581f20b9760374b79

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssl-0.9.8e-37.el5_11.src.rpm SHA-256: 71d9f2658e6894e4bee3d986f4db94f7ae9bd1e546430304a931a37f42efea5e
s390x
openssl-0.9.8e-37.el5_11.s390.rpm SHA-256: 2b3df93e4851efad3ea397f241a749d41b1f318af64e2adbea07739960749f85
openssl-0.9.8e-37.el5_11.s390x.rpm SHA-256: 4a37d16fa8c68aee9964a1a15a745a8a872aeadb84dd0568847bfa90defa1b00
openssl-debuginfo-0.9.8e-37.el5_11.s390.rpm SHA-256: 92a1e2b21abef67f6bd91e379b48ebdc2e6187ec5f32dad3864390071efe33df
openssl-debuginfo-0.9.8e-37.el5_11.s390x.rpm SHA-256: b48092071f5fc15e2cab0e22545832831168614ee07727afe31a4dddfdaa50fe
openssl-devel-0.9.8e-37.el5_11.s390.rpm SHA-256: 489e4bed0066ab181aec83b703a770edea69eba3058117882fc8ec877486147b
openssl-devel-0.9.8e-37.el5_11.s390x.rpm SHA-256: d6ba35ade84051ab18e28aa2e7705a25bec13e03cd8f365e2635a25c5cc8feb0
openssl-perl-0.9.8e-37.el5_11.s390x.rpm SHA-256: 383fe65373ef99e205cda232e7b18e2dc90ca4fadcff445d8d3ca4d5fbe710f2

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssl-0.9.8e-37.el5_11.src.rpm SHA-256: 71d9f2658e6894e4bee3d986f4db94f7ae9bd1e546430304a931a37f42efea5e
ppc
openssl-0.9.8e-37.el5_11.ppc.rpm SHA-256: 1d98c8c5be9e2f84a2a2eac15f96c1584059e55dea52575be062b7dea6e8c03f
openssl-0.9.8e-37.el5_11.ppc64.rpm SHA-256: 64fa2bce7e492699f4eb70463ea8c2c8aeeacc7cb7c81d3aca89a183e9a5b5ce
openssl-debuginfo-0.9.8e-37.el5_11.ppc.rpm SHA-256: 1fdd59ea891e634526d3c4f7e9a6a8f5ac20b8b04202b9e030aef2cf0c5d8600
openssl-debuginfo-0.9.8e-37.el5_11.ppc64.rpm SHA-256: 0632fa7068fb98fa6a744f3bd698954619338dff8218449d0b52f4a46f71641e
openssl-devel-0.9.8e-37.el5_11.ppc.rpm SHA-256: 59641b650b4dd73aaf4d94cceaabe6a686cac7fe6a43dbd6e5ca81db2c428eaa
openssl-devel-0.9.8e-37.el5_11.ppc64.rpm SHA-256: 0d3f6947290cede7dedf2e57766dab10a3fcf90f07262f867d7fc98f27ba4932
openssl-perl-0.9.8e-37.el5_11.ppc.rpm SHA-256: 6454d0e9bcdcb6b7883f17a6255940efe4102920913003748727ac905414900a

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssl-0.9.8e-37.el5_11.src.rpm SHA-256: 71d9f2658e6894e4bee3d986f4db94f7ae9bd1e546430304a931a37f42efea5e
x86_64
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 569594cb7cd24a40788261e167f98991664f490732d255b2042d41027484c40b
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-debuginfo-0.9.8e-37.el5_11.x86_64.rpm SHA-256: 9494b1122f5a276c71ef17c3c3f683d6d08f006f416808486a5e30d2ac684b0f
openssl-devel-0.9.8e-37.el5_11.i386.rpm SHA-256: 7bffa76d3d72f53267280433ee566d36904879eb4b9cedc2ce912b8e06e2e871
openssl-devel-0.9.8e-37.el5_11.x86_64.rpm SHA-256: b79b8a7d56bcf7411062778e2e6488bdd2f704ccdd706dd033cfd9b61d750926
openssl-perl-0.9.8e-37.el5_11.x86_64.rpm SHA-256: e531a27a6fa6fb04be24d8e4ffd5ec370db1378d2e47923e164be5b9e6ff2962
i386
openssl-0.9.8e-37.el5_11.i386.rpm SHA-256: 471ba4e8870b148370696fe8e9712f93681274269ef884ef1e4dab685b330881
openssl-0.9.8e-37.el5_11.i686.rpm SHA-256: 26867f693246a21f01a3601c0c380aab5990871ba8c595399573d074a5743556
openssl-debuginfo-0.9.8e-37.el5_11.i386.rpm SHA-256: e6ff80686ace725b665516f3525f19637a4fea0bf040480772906889d75c10fa
openssl-debuginfo-0.9.8e-37.el5_11.i686.rpm SHA-256: 492ca67ce79582924d402f231fd806f46b707ce39e63cce21e8a837f5615da9a
openssl-devel-0.9.8e-37.el5_11.i386.rpm SHA-256: 7bffa76d3d72f53267280433ee566d36904879eb4b9cedc2ce912b8e06e2e871
openssl-perl-0.9.8e-37.el5_11.i386.rpm SHA-256: 8b6c5e1c09571bcfe0eafc626c16c030b4a3f9da5f3df6d581f20b9760374b79

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter