- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2005:476-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:476.html
Issue date:        2005-06-01
Updated on:        2005-06-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0975 CAN-2005-0109
- ---------------------------------------------------------------------1. Summary:

Updated OpenSSL packages that fix security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Colin Percival reported a cache timing attack that could allow a malicious
local user to gain portions of cryptographic keys.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CAN-2005-0109 to the issue.  The OpenSSL library has been patched to add a
new fixed-window mod_exp implementation as default for RSA, DSA, and DH
private-key operations.  This patch is designed to mitigate cache timing
and potentially related attacks.

A flaw was found in the way the der_chop script creates temporary files. It
is possible that a malicious local user could cause der_chop to overwrite
files (CAN-2004-0975).  The der_chop script was deprecated and has been
removed from these updated packages.  Red Hat Enterprise Linux 4 did not
ship der_chop and is therefore not vulnerable to this issue.

Users are advised to update to these erratum packages which contain patches
to correct these issues.

Please note: After installing this update, users are advised to either
restart all services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

136302 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
140061 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
157631 - CAN-2005-0109 timing attack on OpenSSL with HT


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
2202dc14a7399f6ff8fcd41fc94e8dca  openssl-0.9.6b-39.src.rpm
102f28d06aea7cf3bb34a56cd5da0090  openssl095a-0.9.5a-25.src.rpm
8bafb6187e44ed15d98bd74c0b5cad84  openssl096-0.9.6-25.8.src.rpm

i386:
c79dea648676c22fb5a009e1f39e5ea3  openssl-0.9.6b-39.i386.rpm
56186ba8a320a509946b9d692f55f3cd  openssl-0.9.6b-39.i686.rpm
381085275ca47b015e00cb6d8623ecc5  openssl-devel-0.9.6b-39.i386.rpm
f91c8281f03b68b7b5ebdfb487890405  openssl-perl-0.9.6b-39.i386.rpm
653b775edf3a0a9349f6fb35027c6143  openssl095a-0.9.5a-25.i386.rpm
10964869b19af694a5d0514cb36fa205  openssl096-0.9.6-25.8.i386.rpm

ia64:
f3cb5aa3d4e294ae79fd2330011b5f08  openssl-0.9.6b-39.ia64.rpm
2b9344fb71bb4dee0685dd14e07f9274  openssl-devel-0.9.6b-39.ia64.rpm
7167fd4a10d412dcb565f58debb67ac4  openssl-perl-0.9.6b-39.ia64.rpm
935dbc0ded3197d15a7fa5f0dfe373e4  openssl095a-0.9.5a-25.ia64.rpm
7bf31fe46f5eaccb2388b2cda4253cb9  openssl096-0.9.6-25.8.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
2202dc14a7399f6ff8fcd41fc94e8dca  openssl-0.9.6b-39.src.rpm
102f28d06aea7cf3bb34a56cd5da0090  openssl095a-0.9.5a-25.src.rpm
8bafb6187e44ed15d98bd74c0b5cad84  openssl096-0.9.6-25.8.src.rpm

ia64:
f3cb5aa3d4e294ae79fd2330011b5f08  openssl-0.9.6b-39.ia64.rpm
2b9344fb71bb4dee0685dd14e07f9274  openssl-devel-0.9.6b-39.ia64.rpm
7167fd4a10d412dcb565f58debb67ac4  openssl-perl-0.9.6b-39.ia64.rpm
935dbc0ded3197d15a7fa5f0dfe373e4  openssl095a-0.9.5a-25.ia64.rpm
7bf31fe46f5eaccb2388b2cda4253cb9  openssl096-0.9.6-25.8.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
2202dc14a7399f6ff8fcd41fc94e8dca  openssl-0.9.6b-39.src.rpm

i386:
c79dea648676c22fb5a009e1f39e5ea3  openssl-0.9.6b-39.i386.rpm
56186ba8a320a509946b9d692f55f3cd  openssl-0.9.6b-39.i686.rpm
381085275ca47b015e00cb6d8623ecc5  openssl-devel-0.9.6b-39.i386.rpm
f91c8281f03b68b7b5ebdfb487890405  openssl-perl-0.9.6b-39.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
2202dc14a7399f6ff8fcd41fc94e8dca  openssl-0.9.6b-39.src.rpm

i386:
c79dea648676c22fb5a009e1f39e5ea3  openssl-0.9.6b-39.i386.rpm
56186ba8a320a509946b9d692f55f3cd  openssl-0.9.6b-39.i686.rpm
381085275ca47b015e00cb6d8623ecc5  openssl-devel-0.9.6b-39.i386.rpm
f91c8281f03b68b7b5ebdfb487890405  openssl-perl-0.9.6b-39.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
fecbb9965efea588bcfc4ccbd72768fd  openssl-0.9.7a-33.15.src.rpm
46629205793cb96e5cc327b8b179051f  openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86  openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3  openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1  openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm

ia64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
ec72eec3236de964420dc9e38ae8d71a  openssl-0.9.7a-33.15.ia64.rpm
b266014efab5aa58e0fd83b0959d54df  openssl-devel-0.9.7a-33.15.ia64.rpm
459eeb342e024e624d6268ed4e9eec9d  openssl-perl-0.9.7a-33.15.ia64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
94b2856c1e42167fca7391daec2a8227  openssl096b-0.9.6b-16.22.3.ia64.rpm

ppc:
44e5f6bf71e3981f7844e85b29d530df  openssl-0.9.7a-33.15.ppc.rpm
ecdfa92368a84e089d900f0a629a1170  openssl-0.9.7a-33.15.ppc64.rpm
2ca81b2af2ba7375c77b1170df585520  openssl-devel-0.9.7a-33.15.ppc.rpm
7c6ab2cf3daff6a488b064366026b2ef  openssl-perl-0.9.7a-33.15.ppc.rpm
162f4749b30290556231124094cd2bad  openssl096b-0.9.6b-16.22.3.ppc.rpm

s390:
cea7e0a81d9c7e905c44a66ef0aac7bc  openssl-0.9.7a-33.15.s390.rpm
51266bee2ab9d83a40da1ff623b3637c  openssl-devel-0.9.7a-33.15.s390.rpm
3d4c371a3424bcfeff87341706eed0cc  openssl-perl-0.9.7a-33.15.s390.rpm
f1e853444cd2e99374ca8a70a552437d  openssl096b-0.9.6b-16.22.3.s390.rpm

s390x:
cea7e0a81d9c7e905c44a66ef0aac7bc  openssl-0.9.7a-33.15.s390.rpm
63bc66c55d18699ad8acfbf1730d02be  openssl-0.9.7a-33.15.s390x.rpm
43ee653eba3bcd8281231a3124e1d635  openssl-devel-0.9.7a-33.15.s390x.rpm
c422bb5d666389ef0cf101ff327f304e  openssl-perl-0.9.7a-33.15.s390x.rpm
f1e853444cd2e99374ca8a70a552437d  openssl096b-0.9.6b-16.22.3.s390.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89  openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65  openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e  openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179  openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
fecbb9965efea588bcfc4ccbd72768fd  openssl-0.9.7a-33.15.src.rpm
46629205793cb96e5cc327b8b179051f  openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86  openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3  openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1  openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89  openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65  openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e  openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179  openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
fecbb9965efea588bcfc4ccbd72768fd  openssl-0.9.7a-33.15.src.rpm
46629205793cb96e5cc327b8b179051f  openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86  openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3  openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1  openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm

ia64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
ec72eec3236de964420dc9e38ae8d71a  openssl-0.9.7a-33.15.ia64.rpm
b266014efab5aa58e0fd83b0959d54df  openssl-devel-0.9.7a-33.15.ia64.rpm
459eeb342e024e624d6268ed4e9eec9d  openssl-perl-0.9.7a-33.15.ia64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
94b2856c1e42167fca7391daec2a8227  openssl096b-0.9.6b-16.22.3.ia64.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89  openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65  openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e  openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179  openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
fecbb9965efea588bcfc4ccbd72768fd  openssl-0.9.7a-33.15.src.rpm
46629205793cb96e5cc327b8b179051f  openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86  openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3  openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1  openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm

ia64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
ec72eec3236de964420dc9e38ae8d71a  openssl-0.9.7a-33.15.ia64.rpm
b266014efab5aa58e0fd83b0959d54df  openssl-devel-0.9.7a-33.15.ia64.rpm
459eeb342e024e624d6268ed4e9eec9d  openssl-perl-0.9.7a-33.15.ia64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
94b2856c1e42167fca7391daec2a8227  openssl096b-0.9.6b-16.22.3.ia64.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4  openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89  openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65  openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e  openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c  openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179  openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
632bcfec21c365a0b85a9ede55eb5cf1  openssl-0.9.7a-43.2.src.rpm
d4d515e7811eb994384a7591fdba9e7f  openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4  openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0  openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78  openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm

ia64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
2982807a86a9014fc24244313fa94eab  openssl-0.9.7a-43.2.ia64.rpm
70bd62608e952f884fd5a28d19bd96a7  openssl-devel-0.9.7a-43.2.ia64.rpm
c7a9c09ff8873c7a64186f928b14baad  openssl-perl-0.9.7a-43.2.ia64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
9dd474ab5fd73f0a83a9b0d1953f5794  openssl096b-0.9.6b-22.3.ia64.rpm

ppc:
c8c471cb2bd9b2792b34d2af3892bd4c  openssl-0.9.7a-43.2.ppc.rpm
a08ad5a5c884cd358de86f47da1825b0  openssl-0.9.7a-43.2.ppc64.rpm
146d7e707e729f2d7df6554623e311b4  openssl-devel-0.9.7a-43.2.ppc.rpm
9da94be3f0733cf0937ec83a74ddefaf  openssl-perl-0.9.7a-43.2.ppc.rpm
3b95181c557862605da524b478f95895  openssl096b-0.9.6b-22.3.ppc.rpm

s390:
88f84e9a7d2ec9d52e1bf61ca46efbe2  openssl-0.9.7a-43.2.s390.rpm
6abebec07c747455150652f0657386d4  openssl-devel-0.9.7a-43.2.s390.rpm
410612c59b990ee7031654a4bc3d5be2  openssl-perl-0.9.7a-43.2.s390.rpm
7c1d10a24e9f4a3443ade30b09560f44  openssl096b-0.9.6b-22.3.s390.rpm

s390x:
88f84e9a7d2ec9d52e1bf61ca46efbe2  openssl-0.9.7a-43.2.s390.rpm
7112d8f2afc723f566f92685338daa0e  openssl-0.9.7a-43.2.s390x.rpm
fd8089721740fced840cb16c1e13aa9a  openssl-devel-0.9.7a-43.2.s390x.rpm
967c2c22cfc0549e768fb24760a83561  openssl-perl-0.9.7a-43.2.s390x.rpm
7c1d10a24e9f4a3443ade30b09560f44  openssl096b-0.9.6b-22.3.s390.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087  openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f  openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a  openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6  openssl096b-0.9.6b-22.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
632bcfec21c365a0b85a9ede55eb5cf1  openssl-0.9.7a-43.2.src.rpm
d4d515e7811eb994384a7591fdba9e7f  openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4  openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0  openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78  openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087  openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f  openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a  openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6  openssl096b-0.9.6b-22.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
632bcfec21c365a0b85a9ede55eb5cf1  openssl-0.9.7a-43.2.src.rpm
d4d515e7811eb994384a7591fdba9e7f  openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4  openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0  openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78  openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm

ia64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
2982807a86a9014fc24244313fa94eab  openssl-0.9.7a-43.2.ia64.rpm
70bd62608e952f884fd5a28d19bd96a7  openssl-devel-0.9.7a-43.2.ia64.rpm
c7a9c09ff8873c7a64186f928b14baad  openssl-perl-0.9.7a-43.2.ia64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
9dd474ab5fd73f0a83a9b0d1953f5794  openssl096b-0.9.6b-22.3.ia64.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087  openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f  openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a  openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6  openssl096b-0.9.6b-22.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
632bcfec21c365a0b85a9ede55eb5cf1  openssl-0.9.7a-43.2.src.rpm
d4d515e7811eb994384a7591fdba9e7f  openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4  openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0  openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78  openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm

ia64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
2982807a86a9014fc24244313fa94eab  openssl-0.9.7a-43.2.ia64.rpm
70bd62608e952f884fd5a28d19bd96a7  openssl-devel-0.9.7a-43.2.ia64.rpm
c7a9c09ff8873c7a64186f928b14baad  openssl-perl-0.9.7a-43.2.ia64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
9dd474ab5fd73f0a83a9b0d1953f5794  openssl096b-0.9.6b-22.3.ia64.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd  openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087  openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f  openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a  openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb  openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6  openssl096b-0.9.6b-22.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Moderate: openssl security update RHSA-2005:476-01

Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Summary



Summary

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Colin Percival reported a cache timing attack that could allow a malicious local user to gain portions of cryptographic keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-0109 to the issue. The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private-key operations. This patch is designed to mitigate cache timing and potentially related attacks. A flaw was found in the way the der_chop script creates temporary files. It is possible that a malicious local user could cause der_chop to overwrite files (CAN-2004-0975). The der_chop script was deprecated and has been removed from these updated packages. Red Hat Enterprise Linux 4 did not ship der_chop and is therefore not vulnerable to this issue. Users are advised to update to these erratum packages which contain patches to correct these issues. Please note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
136302 - CAN-2004-0975 temporary file vulnerabilities in der_chop script 140061 - CAN-2004-0975 temporary file vulnerabilities in der_chop script 157631 - CAN-2005-0109 timing attack on OpenSSL with HT

6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: 2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm 102f28d06aea7cf3bb34a56cd5da0090 openssl095a-0.9.5a-25.src.rpm 8bafb6187e44ed15d98bd74c0b5cad84 openssl096-0.9.6-25.8.src.rpm
i386: c79dea648676c22fb5a009e1f39e5ea3 openssl-0.9.6b-39.i386.rpm 56186ba8a320a509946b9d692f55f3cd openssl-0.9.6b-39.i686.rpm 381085275ca47b015e00cb6d8623ecc5 openssl-devel-0.9.6b-39.i386.rpm f91c8281f03b68b7b5ebdfb487890405 openssl-perl-0.9.6b-39.i386.rpm 653b775edf3a0a9349f6fb35027c6143 openssl095a-0.9.5a-25.i386.rpm 10964869b19af694a5d0514cb36fa205 openssl096-0.9.6-25.8.i386.rpm
ia64: f3cb5aa3d4e294ae79fd2330011b5f08 openssl-0.9.6b-39.ia64.rpm 2b9344fb71bb4dee0685dd14e07f9274 openssl-devel-0.9.6b-39.ia64.rpm 7167fd4a10d412dcb565f58debb67ac4 openssl-perl-0.9.6b-39.ia64.rpm 935dbc0ded3197d15a7fa5f0dfe373e4 openssl095a-0.9.5a-25.ia64.rpm 7bf31fe46f5eaccb2388b2cda4253cb9 openssl096-0.9.6-25.8.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: 2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm 102f28d06aea7cf3bb34a56cd5da0090 openssl095a-0.9.5a-25.src.rpm 8bafb6187e44ed15d98bd74c0b5cad84 openssl096-0.9.6-25.8.src.rpm
ia64: f3cb5aa3d4e294ae79fd2330011b5f08 openssl-0.9.6b-39.ia64.rpm 2b9344fb71bb4dee0685dd14e07f9274 openssl-devel-0.9.6b-39.ia64.rpm 7167fd4a10d412dcb565f58debb67ac4 openssl-perl-0.9.6b-39.ia64.rpm 935dbc0ded3197d15a7fa5f0dfe373e4 openssl095a-0.9.5a-25.ia64.rpm 7bf31fe46f5eaccb2388b2cda4253cb9 openssl096-0.9.6-25.8.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: 2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm
i386: c79dea648676c22fb5a009e1f39e5ea3 openssl-0.9.6b-39.i386.rpm 56186ba8a320a509946b9d692f55f3cd openssl-0.9.6b-39.i686.rpm 381085275ca47b015e00cb6d8623ecc5 openssl-devel-0.9.6b-39.i386.rpm f91c8281f03b68b7b5ebdfb487890405 openssl-perl-0.9.6b-39.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: 2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm
i386: c79dea648676c22fb5a009e1f39e5ea3 openssl-0.9.6b-39.i386.rpm 56186ba8a320a509946b9d692f55f3cd openssl-0.9.6b-39.i686.rpm 381085275ca47b015e00cb6d8623ecc5 openssl-devel-0.9.6b-39.i386.rpm f91c8281f03b68b7b5ebdfb487890405 openssl-perl-0.9.6b-39.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS: fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm 46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm
i386: 2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm 3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
ia64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm ec72eec3236de964420dc9e38ae8d71a openssl-0.9.7a-33.15.ia64.rpm b266014efab5aa58e0fd83b0959d54df openssl-devel-0.9.7a-33.15.ia64.rpm 459eeb342e024e624d6268ed4e9eec9d openssl-perl-0.9.7a-33.15.ia64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 94b2856c1e42167fca7391daec2a8227 openssl096b-0.9.6b-16.22.3.ia64.rpm
ppc: 44e5f6bf71e3981f7844e85b29d530df openssl-0.9.7a-33.15.ppc.rpm ecdfa92368a84e089d900f0a629a1170 openssl-0.9.7a-33.15.ppc64.rpm 2ca81b2af2ba7375c77b1170df585520 openssl-devel-0.9.7a-33.15.ppc.rpm 7c6ab2cf3daff6a488b064366026b2ef openssl-perl-0.9.7a-33.15.ppc.rpm 162f4749b30290556231124094cd2bad openssl096b-0.9.6b-16.22.3.ppc.rpm
s390: cea7e0a81d9c7e905c44a66ef0aac7bc openssl-0.9.7a-33.15.s390.rpm 51266bee2ab9d83a40da1ff623b3637c openssl-devel-0.9.7a-33.15.s390.rpm 3d4c371a3424bcfeff87341706eed0cc openssl-perl-0.9.7a-33.15.s390.rpm f1e853444cd2e99374ca8a70a552437d openssl096b-0.9.6b-16.22.3.s390.rpm
s390x: cea7e0a81d9c7e905c44a66ef0aac7bc openssl-0.9.7a-33.15.s390.rpm 63bc66c55d18699ad8acfbf1730d02be openssl-0.9.7a-33.15.s390x.rpm 43ee653eba3bcd8281231a3124e1d635 openssl-devel-0.9.7a-33.15.s390x.rpm c422bb5d666389ef0cf101ff327f304e openssl-perl-0.9.7a-33.15.s390x.rpm f1e853444cd2e99374ca8a70a552437d openssl096b-0.9.6b-16.22.3.s390.rpm
x86_64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm 69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm 9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm 46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm
i386: 2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm 3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
x86_64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm 69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm 9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm 46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm
i386: 2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm 3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
ia64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm ec72eec3236de964420dc9e38ae8d71a openssl-0.9.7a-33.15.ia64.rpm b266014efab5aa58e0fd83b0959d54df openssl-devel-0.9.7a-33.15.ia64.rpm 459eeb342e024e624d6268ed4e9eec9d openssl-perl-0.9.7a-33.15.ia64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 94b2856c1e42167fca7391daec2a8227 openssl096b-0.9.6b-16.22.3.ia64.rpm
x86_64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm 69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm 9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm 46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm
i386: 2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm 3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
ia64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm ec72eec3236de964420dc9e38ae8d71a openssl-0.9.7a-33.15.ia64.rpm b266014efab5aa58e0fd83b0959d54df openssl-devel-0.9.7a-33.15.ia64.rpm 459eeb342e024e624d6268ed4e9eec9d openssl-perl-0.9.7a-33.15.ia64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 94b2856c1e42167fca7391daec2a8227 openssl096b-0.9.6b-16.22.3.ia64.rpm
x86_64: 885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm 14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm 69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm 9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm 597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm 497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS: 632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm
i386: 487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm 3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
ia64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 2982807a86a9014fc24244313fa94eab openssl-0.9.7a-43.2.ia64.rpm 70bd62608e952f884fd5a28d19bd96a7 openssl-devel-0.9.7a-43.2.ia64.rpm c7a9c09ff8873c7a64186f928b14baad openssl-perl-0.9.7a-43.2.ia64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 9dd474ab5fd73f0a83a9b0d1953f5794 openssl096b-0.9.6b-22.3.ia64.rpm
ppc: c8c471cb2bd9b2792b34d2af3892bd4c openssl-0.9.7a-43.2.ppc.rpm a08ad5a5c884cd358de86f47da1825b0 openssl-0.9.7a-43.2.ppc64.rpm 146d7e707e729f2d7df6554623e311b4 openssl-devel-0.9.7a-43.2.ppc.rpm 9da94be3f0733cf0937ec83a74ddefaf openssl-perl-0.9.7a-43.2.ppc.rpm 3b95181c557862605da524b478f95895 openssl096b-0.9.6b-22.3.ppc.rpm
s390: 88f84e9a7d2ec9d52e1bf61ca46efbe2 openssl-0.9.7a-43.2.s390.rpm 6abebec07c747455150652f0657386d4 openssl-devel-0.9.7a-43.2.s390.rpm 410612c59b990ee7031654a4bc3d5be2 openssl-perl-0.9.7a-43.2.s390.rpm 7c1d10a24e9f4a3443ade30b09560f44 openssl096b-0.9.6b-22.3.s390.rpm
s390x: 88f84e9a7d2ec9d52e1bf61ca46efbe2 openssl-0.9.7a-43.2.s390.rpm 7112d8f2afc723f566f92685338daa0e openssl-0.9.7a-43.2.s390x.rpm fd8089721740fced840cb16c1e13aa9a openssl-devel-0.9.7a-43.2.s390x.rpm 967c2c22cfc0549e768fb24760a83561 openssl-perl-0.9.7a-43.2.s390x.rpm 7c1d10a24e9f4a3443ade30b09560f44 openssl096b-0.9.6b-22.3.s390.rpm
x86_64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm 272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: 632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm
i386: 487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm 3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
x86_64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm 272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: 632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm
i386: 487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm 3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
ia64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 2982807a86a9014fc24244313fa94eab openssl-0.9.7a-43.2.ia64.rpm 70bd62608e952f884fd5a28d19bd96a7 openssl-devel-0.9.7a-43.2.ia64.rpm c7a9c09ff8873c7a64186f928b14baad openssl-perl-0.9.7a-43.2.ia64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 9dd474ab5fd73f0a83a9b0d1953f5794 openssl096b-0.9.6b-22.3.ia64.rpm
x86_64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm 272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: 632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm
i386: 487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm 3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
ia64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm 2982807a86a9014fc24244313fa94eab openssl-0.9.7a-43.2.ia64.rpm 70bd62608e952f884fd5a28d19bd96a7 openssl-devel-0.9.7a-43.2.ia64.rpm c7a9c09ff8873c7a64186f928b14baad openssl-perl-0.9.7a-43.2.ia64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 9dd474ab5fd73f0a83a9b0d1953f5794 openssl096b-0.9.6b-22.3.ia64.rpm
x86_64: 984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm 272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm 8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

Package List


Severity
Advisory ID: RHSA-2005:476-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:476.html
Issued Date: : 2005-06-01
Updated on: 2005-06-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0975 CAN-2005-0109 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved