Red Hat Product Errata RHSA-2016:0302 - Security Advisory

Issued:: 2016-03-01
Updated:: 2016-03-01

RHSA-2016:0302 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openssl security update

Type/Severity

Security Advisory: Important

Topic

Updated openssl packages that fix three security issues are now available
for Red Hat Enterprise Linux 5

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the
'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2
environment variable before starting an application that needs to have
SSLv2 enabled. For more information, refer to the knowledge base article
linked to in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

An integer overflow flaw, leading to a NULL pointer dereference or a
heap-based memory corruption, was found in the way some BIGNUM functions of
OpenSSL were implemented. Applications that use these functions with large
untrusted input could crash or, potentially, execute arbitrary code.
(CVE-2016-0797)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; and Guido Vranken as the
original reporter of CVE-2016-0797.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
BZ - 1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
BZ - 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openssl-0.9.8e-39.el5_11.src.rpm	SHA-256: 20d0d8d41750db1cd8a47ec9079b0bff60023e8a8595d9c7e6f92b819554a59c
x86_64
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 51c97fd220cb03b8546581ed00267cf66e59bccff794991c584d01ccbd709212
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 09ff63499d97dc1aae6c3341eeb452c929572cf9962c13bfc6ed0dd2129157e9
openssl-devel-0.9.8e-39.el5_11.i386.rpm	SHA-256: 61b53726d98852be3992952765c6d7f1a8f673397566fdb2d24168a103b0f678
openssl-devel-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e1897f58989f7dc23db0a25997e56dd4207b4d3b525b7f719d9353cd487fa802
openssl-perl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e9757fa7eee51a9c606047a56187ebe6057e0b297e058cc0129c27599d122f32
ia64
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-0.9.8e-39.el5_11.ia64.rpm	SHA-256: 29c4f7f392d67c80b0b45590f557fd7b99d9842d24aed3ea80bfb5a5993e12a4
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-debuginfo-0.9.8e-39.el5_11.ia64.rpm	SHA-256: 3056bdf92266a5140086658ec197b994fa771d57e858ea17db1cba3fd9d58393
openssl-devel-0.9.8e-39.el5_11.ia64.rpm	SHA-256: 23019266498f5ac28d5406c93d9ebad471e22c6ca96f23bfa143422b1579ad24
openssl-perl-0.9.8e-39.el5_11.ia64.rpm	SHA-256: d345d46cb6af7931af5bbc2fa870135d204bdcb42e06921f6cf3d36069ecfbf8
i386
openssl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 40caca87f74f2f8413ae52eabb4f9dfda848a3c299a74d008338ce5885246225
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-devel-0.9.8e-39.el5_11.i386.rpm	SHA-256: 61b53726d98852be3992952765c6d7f1a8f673397566fdb2d24168a103b0f678
openssl-perl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 300455584a48d765f8deb0a92e74368c12c4291435484a28681bab76ec983770

Red Hat Enterprise Linux Workstation 5

SRPM
openssl-0.9.8e-39.el5_11.src.rpm	SHA-256: 20d0d8d41750db1cd8a47ec9079b0bff60023e8a8595d9c7e6f92b819554a59c
x86_64
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 51c97fd220cb03b8546581ed00267cf66e59bccff794991c584d01ccbd709212
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 09ff63499d97dc1aae6c3341eeb452c929572cf9962c13bfc6ed0dd2129157e9
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 09ff63499d97dc1aae6c3341eeb452c929572cf9962c13bfc6ed0dd2129157e9
openssl-devel-0.9.8e-39.el5_11.i386.rpm	SHA-256: 61b53726d98852be3992952765c6d7f1a8f673397566fdb2d24168a103b0f678
openssl-devel-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e1897f58989f7dc23db0a25997e56dd4207b4d3b525b7f719d9353cd487fa802
openssl-perl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e9757fa7eee51a9c606047a56187ebe6057e0b297e058cc0129c27599d122f32
i386
openssl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 40caca87f74f2f8413ae52eabb4f9dfda848a3c299a74d008338ce5885246225
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-devel-0.9.8e-39.el5_11.i386.rpm	SHA-256: 61b53726d98852be3992952765c6d7f1a8f673397566fdb2d24168a103b0f678
openssl-perl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 300455584a48d765f8deb0a92e74368c12c4291435484a28681bab76ec983770

Red Hat Enterprise Linux Desktop 5

SRPM
openssl-0.9.8e-39.el5_11.src.rpm	SHA-256: 20d0d8d41750db1cd8a47ec9079b0bff60023e8a8595d9c7e6f92b819554a59c
x86_64
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 51c97fd220cb03b8546581ed00267cf66e59bccff794991c584d01ccbd709212
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 09ff63499d97dc1aae6c3341eeb452c929572cf9962c13bfc6ed0dd2129157e9
openssl-perl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e9757fa7eee51a9c606047a56187ebe6057e0b297e058cc0129c27599d122f32
i386
openssl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 40caca87f74f2f8413ae52eabb4f9dfda848a3c299a74d008338ce5885246225
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-perl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 300455584a48d765f8deb0a92e74368c12c4291435484a28681bab76ec983770

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssl-0.9.8e-39.el5_11.src.rpm	SHA-256: 20d0d8d41750db1cd8a47ec9079b0bff60023e8a8595d9c7e6f92b819554a59c
s390x
openssl-0.9.8e-39.el5_11.s390.rpm	SHA-256: 588da564ec7813674b68bff808a4de0a23687fc9db2b3b19ee1ea2cfe22d483b
openssl-0.9.8e-39.el5_11.s390x.rpm	SHA-256: c0294aecef3b0eddab3b446705b6fbd2f42adec48426c3b12091ddd2bad2d715
openssl-debuginfo-0.9.8e-39.el5_11.s390.rpm	SHA-256: e468cae6e5921eb3893a6d0917ea772ee5adf693fc59c44b46ce8d7b5bc09523
openssl-debuginfo-0.9.8e-39.el5_11.s390x.rpm	SHA-256: bdfe6bf0719afe6f6dcb5561005ea5afd53698aa1dc4ccd6fbb9e3f734c10e06
openssl-devel-0.9.8e-39.el5_11.s390.rpm	SHA-256: 7ca5dcb1ba956de21bc2629a5d105f4ada61f6fad8ebf94552d6a95073aa92a6
openssl-devel-0.9.8e-39.el5_11.s390x.rpm	SHA-256: b7f8d159f64eaad3eb789a1b36bae010af6992b9c7b00671c89c9d89b18bd88c
openssl-perl-0.9.8e-39.el5_11.s390x.rpm	SHA-256: e014fb366b9784ffb22cdbaca630495e6f64bad2721b40d31fea8d934d0d5e10

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssl-0.9.8e-39.el5_11.src.rpm	SHA-256: 20d0d8d41750db1cd8a47ec9079b0bff60023e8a8595d9c7e6f92b819554a59c
ppc
openssl-0.9.8e-39.el5_11.ppc.rpm	SHA-256: 910d200ce7d9244e724ba5c90b9474f0fbfac5d6ef0c48545eb2e603d07ef38a
openssl-0.9.8e-39.el5_11.ppc64.rpm	SHA-256: ef5c9e445ba0627fde3fbadc9efa54c790b9ceb32396fcd79575722d1b5266b6
openssl-debuginfo-0.9.8e-39.el5_11.ppc.rpm	SHA-256: 9f11a277a66cc19feced326cb6a47c1cb0da0bff8d202778dd67ded630084c64
openssl-debuginfo-0.9.8e-39.el5_11.ppc64.rpm	SHA-256: 227c6558ef48c3cb9940db308fa24826e24dcdd04773a390e40e37adec2394ec
openssl-devel-0.9.8e-39.el5_11.ppc.rpm	SHA-256: 6c62705adc6a2fb39b37671b0353cc6f564e77deff1c610914a768e7a3d1e61a
openssl-devel-0.9.8e-39.el5_11.ppc64.rpm	SHA-256: f4b2aaa6776727bd5541f2927f2ab8942bda7e4bddbee9a1acb0d9825658bcfe
openssl-perl-0.9.8e-39.el5_11.ppc.rpm	SHA-256: 61b1f23c4bf9a51c13bef39494558043c28ae3cf0c6cfa06772b6822c219368e

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssl-0.9.8e-39.el5_11.src.rpm	SHA-256: 20d0d8d41750db1cd8a47ec9079b0bff60023e8a8595d9c7e6f92b819554a59c
x86_64
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 51c97fd220cb03b8546581ed00267cf66e59bccff794991c584d01ccbd709212
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-debuginfo-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: 09ff63499d97dc1aae6c3341eeb452c929572cf9962c13bfc6ed0dd2129157e9
openssl-devel-0.9.8e-39.el5_11.i386.rpm	SHA-256: 61b53726d98852be3992952765c6d7f1a8f673397566fdb2d24168a103b0f678
openssl-devel-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e1897f58989f7dc23db0a25997e56dd4207b4d3b525b7f719d9353cd487fa802
openssl-perl-0.9.8e-39.el5_11.x86_64.rpm	SHA-256: e9757fa7eee51a9c606047a56187ebe6057e0b297e058cc0129c27599d122f32
i386
openssl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 40caca87f74f2f8413ae52eabb4f9dfda848a3c299a74d008338ce5885246225
openssl-0.9.8e-39.el5_11.i686.rpm	SHA-256: 9e640f62cc2beeb8d9becdf3ee52a242df05c6a09b4001d881bc77965fc69f23
openssl-debuginfo-0.9.8e-39.el5_11.i386.rpm	SHA-256: 19fb275d84b4b98009326d987ad3276e7e10c417ee3fd60fd2a74f9c8903f472
openssl-debuginfo-0.9.8e-39.el5_11.i686.rpm	SHA-256: bc0385f58c1ff73330bad44f7b11c6ce85d0039e7bc6395ca2ca882ddf5608a2
openssl-devel-0.9.8e-39.el5_11.i386.rpm	SHA-256: 61b53726d98852be3992952765c6d7f1a8f673397566fdb2d24168a103b0f678
openssl-perl-0.9.8e-39.el5_11.i386.rpm	SHA-256: 300455584a48d765f8deb0a92e74368c12c4291435484a28681bab76ec983770

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories