Red Hat Customer Portal

Skip to main content

Main Navigation

  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Automation Platform
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Advanced Cluster Management for Kubernetes
      • Red Hat Quay
      • Red Hat CodeReady Workspaces
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Red Hat build of Quarkus
      • Red Hat CodeReady Studio
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Process Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Support
    • Production Support
    • Development Support
    • Product Life Cycles
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem Catalog
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
Red Hat Customer Portal
  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Automation Platform
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Advanced Cluster Management for Kubernetes
      • Red Hat Quay
      • Red Hat CodeReady Workspaces
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Red Hat build of Quarkus
      • Red Hat CodeReady Studio
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Process Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Support
    • Production Support
    • Development Support
    • Product Life Cycles
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem Catalog
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Search
  • Log In
  • Language
Or troubleshoot an issue.

Log in to Your Red Hat Account

Log In

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

Register

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

If you have any questions, please contact customer service.

Red Hat Account Number:

Red Hat Account

  • Account Details
  • User Management
  • Account Maintenance
  • Account Team

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Log Out

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)
Red Hat Customer Portal Red Hat Customer Portal
  • Products & Services
  • Tools
  • Security
  • Community
  • Infrastructure and Management

  • Cloud Computing

  • Storage

  • Runtimes

  • Integration and Automation

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat Openshift Container Storage
  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio
  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
View All Products
  • Support
  • Production Support
  • Development Support
  • Product Life Cycles

Services

  • Consulting
  • Technical Account Management
  • Training & Certifications
  • Documentation
  • Red Hat Enterprise Linux
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Ecosystem Catalog
  • Red Hat in the Public Cloud
  • Partner Resources

Tools

  • Solution Engine
  • Packages
  • Errata
  • Customer Portal Labs
  • Configuration
  • Deployment
  • Security
  • Troubleshooting

Red Hat Insights

Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

  • Learn more
  • Go to Insights

Red Hat Product Security Center

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

Security Updates

  • Security Advisories
  • Red Hat CVE Database
  • Security Labs

Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

  • View Responses

Resources

  • Overview
  • Security Blog
  • Security Measurement
  • Severity Ratings
  • Backporting Policies
  • Product Signing (GPG) Keys

Customer Portal Community

  • Discussions
  • Blogs
  • Private Groups
  • Community Activity

Customer Events

  • Red Hat Convergence
  • Red Hat Summit

Stories

  • Red Hat Subscription Value
  • You Asked. We Acted.
  • Open Source Communities
Red Hat Product Errata RHSA-2020:1840 - Security Advisory
Issued:
2020-04-28
Updated:
2020-04-28

RHSA-2020:1840 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openssl security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openssl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: side-channel weak encryption vulnerability (CVE-2019-1547)
  • openssl: information disclosure in fork() (CVE-2019-1549)
  • openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 1735738 - openssl speed reports errors in FIPS mode
  • BZ - 1741285 - TLS 1.2 CCM ciphers are not recognised in FIPS mode
  • BZ - 1741317 - 1024 bit DSA key generation is not disabled in FIPS mode
  • BZ - 1741641 - OpenSSL will sign ServerKeyExchange message with SHA-1 in FIPS mode
  • BZ - 1749068 - OpenSSL generates malformed status_request extension in CertificateRequest message in TLS 1.3
  • BZ - 1749790 - OpenSSL advertises ed25519 and ed448 support in CertificateRequest in FIPS mode
  • BZ - 1752090 - CVE-2019-1547 openssl: side-channel weak encryption vulnerability
  • BZ - 1752095 - CVE-2019-1549 openssl: information disclosure in fork()
  • BZ - 1752100 - CVE-2019-1563 openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey
  • BZ - 1758587 - OpenSSL will send unexpected alert for too short ciphertext with specific ciphersuites [rhel-8]
  • BZ - 1793984 - [RHEL 8][s390x] Restore modified SIGILL signal handler during libcrypto library initialisation

CVEs

  • CVE-2019-1547
  • CVE-2019-1549
  • CVE-2019-1563

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
  • Note: More recent versions of these packages may be available. Click a package name for more details.

    Red Hat Enterprise Linux for x86_64 8

    SRPM
    openssl-1.1.1c-15.el8.src.rpm SHA-256: 894fbd3a3b565bae93925fe532136b35fd5fb04f13f906547a7c93c121b971f9
    x86_64
    openssl-1.1.1c-15.el8.x86_64.rpm SHA-256: 3e792adef13b24f2f5d66e38e018a965193f89b6fed4ea1437ca701d422bee5b
    openssl-debuginfo-1.1.1c-15.el8.i686.rpm SHA-256: 0cd047aaa879fb660c1f9be0f727432a760108a33506578d5a552def6d6695cf
    openssl-debuginfo-1.1.1c-15.el8.x86_64.rpm SHA-256: 83591b0b4bf5ee63aac95b64f3b8b5ab271075aae0d54bb6af1f6a779be53be2
    openssl-debugsource-1.1.1c-15.el8.i686.rpm SHA-256: f638ddd75d1cfeb320d6ea402f10b02ae4f3c18f25e9745469cb47c56d41dbb8
    openssl-debugsource-1.1.1c-15.el8.x86_64.rpm SHA-256: 62df4c8c20fc99374aa8e86cb6e0243db498692d568ccd5d274b1bb4459a9b64
    openssl-devel-1.1.1c-15.el8.i686.rpm SHA-256: 14b156351e38a97f5cc22e81362e6be64d0327aaf202d300f864ca62f6cfb17e
    openssl-devel-1.1.1c-15.el8.x86_64.rpm SHA-256: 42af93805445b22c41a731891d948ecea8c5e45d85999f9dd937a70dd670549a
    openssl-libs-1.1.1c-15.el8.i686.rpm SHA-256: cb4c5fcfebc9aab008c290ab201c327ac65cadcce87b572b1fd01fa6b74e1beb
    openssl-libs-1.1.1c-15.el8.x86_64.rpm SHA-256: 9c7486ee9f7f227cc8b9a928bc1b3ec0128e6fa654c11caaab67490000046280
    openssl-libs-debuginfo-1.1.1c-15.el8.i686.rpm SHA-256: d681f94247cb079ad6b547d20806ba32834d89ce2ed0153e9a1f55dd7f4c96d6
    openssl-libs-debuginfo-1.1.1c-15.el8.x86_64.rpm SHA-256: ea627876710a77fd1f42e9e2a3deeabedb5374edc95bf300a77303d2552af039
    openssl-perl-1.1.1c-15.el8.x86_64.rpm SHA-256: 453046cf9c3ece19bd849887b6e20916c65a2f82e5b43e12bec0a12b9c76708d

    Red Hat Enterprise Linux for IBM z Systems 8

    SRPM
    openssl-1.1.1c-15.el8.src.rpm SHA-256: 894fbd3a3b565bae93925fe532136b35fd5fb04f13f906547a7c93c121b971f9
    s390x
    openssl-1.1.1c-15.el8.s390x.rpm SHA-256: 55f735aea8ee2737fa63ebf25d27258f93ad119733a3389bfb8ea37ce140725f
    openssl-debuginfo-1.1.1c-15.el8.s390x.rpm SHA-256: 9315ce133125c885af73a3136ea2cf6454dc048549cdfb76a17daa260d751b76
    openssl-debugsource-1.1.1c-15.el8.s390x.rpm SHA-256: f680783d38d4873a20969f08a23255cb5de5c5f900bbab267e22f990d1e22fd3
    openssl-devel-1.1.1c-15.el8.s390x.rpm SHA-256: 1b4850f7f153291efcf67a99b5a1c82931a8db43256af5db58f1164de582f002
    openssl-libs-1.1.1c-15.el8.s390x.rpm SHA-256: 6d55aefe2ee59069d22514604c47da81d2638d219fed6e7ea086b0ce64e8c2c0
    openssl-libs-debuginfo-1.1.1c-15.el8.s390x.rpm SHA-256: 9928cea024dd0dbe41da7db59619222617d5c0e4ac7f6ccc719fc7d395a2d522
    openssl-perl-1.1.1c-15.el8.s390x.rpm SHA-256: b8594d14b1f67af714da7fe18a14c388797d57e7e6b9eac458dccfd8c63ad9b1

    Red Hat Enterprise Linux for Power, little endian 8

    SRPM
    openssl-1.1.1c-15.el8.src.rpm SHA-256: 894fbd3a3b565bae93925fe532136b35fd5fb04f13f906547a7c93c121b971f9
    ppc64le
    openssl-1.1.1c-15.el8.ppc64le.rpm SHA-256: 18ce56111991b3a74c9700c33fdf2855d1beea8bcfd88f8a3243699b93bf1c90
    openssl-debuginfo-1.1.1c-15.el8.ppc64le.rpm SHA-256: 63f0dd42ad51ba0ca0d9e25cd75cb273e9ac84cc2a49a7c73bc161e72c5c5f7f
    openssl-debugsource-1.1.1c-15.el8.ppc64le.rpm SHA-256: cf3fa92f211d3c40ff629e6b303ad605e37d8bb60187eb2347c83a93b435a2f5
    openssl-devel-1.1.1c-15.el8.ppc64le.rpm SHA-256: 361eb2a605688836af3e0e8016fc8ab8a711c20e7c38f33f004b99efd8d73cbb
    openssl-libs-1.1.1c-15.el8.ppc64le.rpm SHA-256: b26a19e3526f8b00580a1437f9f03dc8601c89b9a309a85e28528ccee23ff1b2
    openssl-libs-debuginfo-1.1.1c-15.el8.ppc64le.rpm SHA-256: b8666025b3a91790018279b334bb80854562dc0e8b4fa973d072960827527cb1
    openssl-perl-1.1.1c-15.el8.ppc64le.rpm SHA-256: 1fa74a7d5a4a3f219a2d2f6916cd5893b79b310c2f66e067f7b6267fdf3020a9

    Red Hat Enterprise Linux for ARM 64 8

    SRPM
    openssl-1.1.1c-15.el8.src.rpm SHA-256: 894fbd3a3b565bae93925fe532136b35fd5fb04f13f906547a7c93c121b971f9
    aarch64
    openssl-1.1.1c-15.el8.aarch64.rpm SHA-256: 9357d9677258f3a32bf8908998cd7e381ce37396a8b0f5e507474f21e020013c
    openssl-debuginfo-1.1.1c-15.el8.aarch64.rpm SHA-256: 623e2d2bbade611793278f14fd777f5c8a9d5281f742395d6e1def64a86b5021
    openssl-debugsource-1.1.1c-15.el8.aarch64.rpm SHA-256: 595ec70b64258d17b782bdc96971564a51600e0e4c1f8507a04f8d5e0c1d254a
    openssl-devel-1.1.1c-15.el8.aarch64.rpm SHA-256: 4c7e574959cfd942c3b5d933328c0a9878e4fa86c118a8e065b9d6cab7604ca8
    openssl-libs-1.1.1c-15.el8.aarch64.rpm SHA-256: ce75ba78da83925de54f66aa518764514c7524291fe68b34b11c7b1e64b391c4
    openssl-libs-debuginfo-1.1.1c-15.el8.aarch64.rpm SHA-256: b64050823c9584f62ff874fc63e46a4f5a271b4b5b66b6b7d564216ae34de32b
    openssl-perl-1.1.1c-15.el8.aarch64.rpm SHA-256: 6b5a25cc1d543a7e52b5a4d160378a62ccf9e6ac36abf6d6473fd0469198a019

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

    Red Hat

    Quick Links

    • Downloads
    • Subscriptions
    • Support Cases
    • Customer Service
    • Product Documentation

    Help

    • Contact Us
    • Customer Portal FAQ
    • Log-in Assistance

    Site Info

    • Trust Red Hat
    • Browser Support Policy
    • Accessibility
    • Awards and Recognition
    • Colophon

    Related Sites

    • redhat.com
    • openshift.com
    • developers.redhat.com
    • connect.redhat.com

    About

    • Red Hat Subscription Value
    • About Red Hat
    • Red Hat Jobs
    Copyright © 2021 Red Hat, Inc.
    • Privacy Statement
    • Customer Portal Terms of Use
    • All Policies and Guidelines
    Red Hat Summit
    Twitter Facebook