Resolution for CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 (OpenSSL Dec 3, 2015)

Solution Verified - Updated -

Issue

  • OpenSSL: BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
  • OpenSSL: Certificate verify crash with missing PSS parameter (CVE-2015-3194)
  • OpenSSL: X509_ATTRIBUTE memory leak (CVE-2015-3195)
  • OpenSSL: Race condition handling PSK identify hint (CVE-2015-3196)
  • OpenSSL: Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • openssl, openssl098e, openssl097a

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In