What Are You Looking For?

Sign Up
Date:         Thu, 16 Oct 2014 18:46:12 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Bonnie King 
Subject:      Security ERRATA Moderate: openssl on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Moderate: openssl security update
Advisory ID:       SLSA-2014:1653-1
Issue Date:        2014-10-16
CVE Numbers:       CVE-2014-3566
--

This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The
SSL 3.0 protocol was found to be vulnerable to the padding oracle attack
when using block cipher suites in cipher block chaining (CBC) mode. This
issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see Upstream's Knowledgebase article
at https://access.redhat.com/articles/1232123

For the update to take effect, all services linked to the OpenSSL library 
(such as httpd and other SSL-enabled services) must be
restarted or the system rebooted.
--

SL5
  x86_64
    openssl-0.9.8e-31.el5_11.i686.rpm
    openssl-0.9.8e-31.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
    openssl-perl-0.9.8e-31.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.x86_64.rpm
  i386
    openssl-0.9.8e-31.el5_11.i386.rpm
    openssl-0.9.8e-31.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
    openssl-perl-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.i386.rpm

- Scientific Linux Development Team

SciLinux: CVE-2014-3566 Moderate: openssl SL5.x i386/x86_64

Moderate: openssl security update

Summary

Moderate: openssl security update



Security Fixes

Severity
Advisory ID: SLSA-2014:1653-1
Issued Date: : 2014-10-16
CVE Numbers: CVE-2014-3566
This update adds support for the TLS Fallback Signaling Cipher Suite Value

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo