====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security, bug fix, and enhancement update
Advisory ID:       RHSA-2009:1335-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2009:1335.html
Issue date:        2009-09-02
Keywords:          FIPS-140-2 CRL SMIME
CVE Names:         CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 
                   CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 
====================================================================
1. Summary:

Updated openssl packages that fix several security issues, various bugs,
and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (for example,
UDP).

Multiple denial of service flaws were discovered in OpenSSL's DTLS
implementation. A remote attacker could use these flaws to cause a DTLS
server to use excessive amounts of memory, or crash on an invalid memory
access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378,
CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

Note: These flaws only affect applications that use DTLS. Red Hat does not
ship any DTLS client or server applications in Red Hat Enterprise Linux.

An input validation flaw was found in the handling of the BMPString and
UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex()
function. An attacker could use this flaw to create a specially-crafted
X.509 certificate that could cause applications using the affected function
to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red
Hat Enterprise Linux calls this function, for example.

These updated packages also fix the following bugs:

* "openssl smime -verify -in" verifies the signature of the input file and
the "-verify" switch expects a signed or encrypted input file. Previously,
running openssl on an S/MIME file that was not encrypted or signed caused
openssl to segfault. With this update, the input file is now checked for a
signature or encryption. Consequently, openssl now returns an error and
quits when attempting to verify an unencrypted or unsigned S/MIME file.
(BZ#472440)

* when generating RSA keys, pairwise tests were called even in non-FIPS
mode. This prevented small keys from being generated. With this update,
generating keys in non-FIPS mode no longer calls the pairwise tests and
keys as small as 32-bits can be generated in this mode. Note: In FIPS mode,
pairwise tests are still called and keys generated in this mode must still
be 1024-bits or larger. (BZ#479817)

As well, these updated packages add the following enhancements:

* both the libcrypto and libssl shared libraries, which are part of the
OpenSSL FIPS module, are now checked for integrity on initialization of
FIPS mode. (BZ#475798)

* an issuing Certificate Authority (CA) allows multiple certificate
templates to inherit the CA's Common Name (CN). Because this CN is used as
a unique identifier, each template had to have its own Certificate
Revocation List (CRL). With this update, multiple CRLs with the same
subject name can now be stored in a X509_STORE structure, with their
signature field being used to distinguish between them. (BZ#457134)

* the fipscheck library is no longer needed for rebuilding the openssl
source RPM. (BZ#475798)

OpenSSL users should upgrade to these updated packages, which resolve these
issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

479817 - Do not call pairwise tests in non-FIPS mode
492304 - CVE-2009-0590 openssl: ASN1 printing crash
501253 - CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
501254 - CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS
501572 - CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)
503685 - CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
503688 - CVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL deref DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
openssl-0.9.8e-12.el5.i386.rpm
openssl-0.9.8e-12.el5.i686.rpm
openssl-debuginfo-0.9.8e-12.el5.i386.rpm
openssl-debuginfo-0.9.8e-12.el5.i686.rpm
openssl-perl-0.9.8e-12.el5.i386.rpm

x86_64:
openssl-0.9.8e-12.el5.i686.rpm
openssl-0.9.8e-12.el5.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5.i686.rpm
openssl-debuginfo-0.9.8e-12.el5.x86_64.rpm
openssl-perl-0.9.8e-12.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
openssl-debuginfo-0.9.8e-12.el5.i386.rpm
openssl-devel-0.9.8e-12.el5.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-12.el5.i386.rpm
openssl-debuginfo-0.9.8e-12.el5.x86_64.rpm
openssl-devel-0.9.8e-12.el5.i386.rpm
openssl-devel-0.9.8e-12.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
openssl-0.9.8e-12.el5.i386.rpm
openssl-0.9.8e-12.el5.i686.rpm
openssl-debuginfo-0.9.8e-12.el5.i386.rpm
openssl-debuginfo-0.9.8e-12.el5.i686.rpm
openssl-devel-0.9.8e-12.el5.i386.rpm
openssl-perl-0.9.8e-12.el5.i386.rpm

ia64:
openssl-0.9.8e-12.el5.i686.rpm
openssl-0.9.8e-12.el5.ia64.rpm
openssl-debuginfo-0.9.8e-12.el5.i686.rpm
openssl-debuginfo-0.9.8e-12.el5.ia64.rpm
openssl-devel-0.9.8e-12.el5.ia64.rpm
openssl-perl-0.9.8e-12.el5.ia64.rpm

ppc:
openssl-0.9.8e-12.el5.ppc.rpm
openssl-0.9.8e-12.el5.ppc64.rpm
openssl-debuginfo-0.9.8e-12.el5.ppc.rpm
openssl-debuginfo-0.9.8e-12.el5.ppc64.rpm
openssl-devel-0.9.8e-12.el5.ppc.rpm
openssl-devel-0.9.8e-12.el5.ppc64.rpm
openssl-perl-0.9.8e-12.el5.ppc.rpm

s390x:
openssl-0.9.8e-12.el5.s390.rpm
openssl-0.9.8e-12.el5.s390x.rpm
openssl-debuginfo-0.9.8e-12.el5.s390.rpm
openssl-debuginfo-0.9.8e-12.el5.s390x.rpm
openssl-devel-0.9.8e-12.el5.s390.rpm
openssl-devel-0.9.8e-12.el5.s390x.rpm
openssl-perl-0.9.8e-12.el5.s390x.rpm

x86_64:
openssl-0.9.8e-12.el5.i686.rpm
openssl-0.9.8e-12.el5.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5.i386.rpm
openssl-debuginfo-0.9.8e-12.el5.i686.rpm
openssl-debuginfo-0.9.8e-12.el5.x86_64.rpm
openssl-devel-0.9.8e-12.el5.i386.rpm
openssl-devel-0.9.8e-12.el5.x86_64.rpm
openssl-perl-0.9.8e-12.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.