Date: Mon, 15 Jun 2015 19:51:57 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA moderate: Moderate: Openssl Security Update on SL6.x, SL7.x i386/srpm/x86_64
MIME-Version: 1.0

Synopsis:     moderate: Moderate: Openssl Security Update security update
Advisory ID:  SLSA-2015:1115-1
Issue Date:   2015-06-15
CVE Numbers:  CVE-2014-8176
              CVE-2015-1789
              CVE-2015-1790
              CVE-2015-1791
              CVE-2015-1792
              CVE-2015-3216
--

An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)

A flaw was found in the way the OpenSSL packages shipped with Scientific Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216)

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)

A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)

A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
--

SL6
  x86_64
    openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm
    openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm
    openssl-1.0.1e-30.el6_6.11.i686.rpm
    openssl-1.0.1e-30.el6_6.11.x86_64.rpm
    openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm
    openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm
    openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm
    openssl-devel-1.0.1e-30.el6_6.11.i686.rpm
  i386
    openssl-static-1.0.1e-30.el6_6.11.i686.rpm
    openssl-1.0.1e-30.el6_6.11.i686.rpm
    openssl-devel-1.0.1e-30.el6_6.11.i686.rpm
    openssl-perl-1.0.1e-30.el6_6.11.i686.rpm
    openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm
  srpm
    openssl-1.0.1e-30.el6_6.11.src.rpm

SL7
  x86_64
    openssl-static-1.0.1e-42.el7_1.8.i686.rpm
    openssl-libs-1.0.1e-42.el7_1.8.i686.rpm
    openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm
    openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm
    openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm
    openssl-1.0.1e-42.el7_1.8.x86_64.rpm
    openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm
    openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm
    openssl-devel-1.0.1e-42.el7_1.8.i686.rpm
    openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm
  srpm
    openssl-1.0.1e-42.el7_1.8.src.rpm

- Scientific Linux Development Team
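The restart requirement is the part of this advisory that is most often missed on a long-running host: a daemon keeps executing the old libssl/libcrypto mapped into its memory until it is restarted. As an added example (not part of the advisory or of the Scientific Linux tooling), the script below lists processes whose /proc/<pid>/maps still reference a replaced OpenSSL library; the sample maps content it checks itself against is constructed.

```shell
#!/bin/sh
# Added example (not part of the advisory): list processes that still map a
# libssl/libcrypto file which has been replaced on disk by the update.
# The kernel marks a mapping whose file was unlinked with "(deleted)" in
# /proc/<pid>/maps, so such a process is still running the old code.

# Print, one per line, the replaced OpenSSL library paths referenced by a
# file in /proc/<pid>/maps format. Fields: addr perms offset dev inode
# path [(deleted)]; the path is field 6.
stale_openssl_maps() {
    awk '$NF == "(deleted)" && $6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' "$1" \
        | sort -u
}

# Walk every live process and report the PID, command and stale library.
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale=$(stale_openssl_maps "$maps" 2>/dev/null) || continue
        [ -n "$stale" ] || continue
        comm=$(ps -o comm= -p "$pid" 2>/dev/null || echo '?')
        for lib in $stale; do
            printf 'PID %s (%s) still maps replaced %s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Constructed sample maps file (an httpd that has not been restarted since
# the openssl packages were upgraded); used for a self-test, not read from
# this host.
write_sample_maps() {
    cat > "$1" <<'EOF'
00400000-00401000 r-xp 00000000 fd:01 263      /usr/sbin/httpd
7f3b2c000000-7f3b2c1e0000 r-xp 00000000 fd:01 1234567  /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3b2c1e0000-7f3b2c3e0000 ---p 001e0000 fd:01 1234567  /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3b2c400000-7f3b2c460000 r-xp 00000000 fd:01 1234570  /usr/lib64/libssl.so.1.0.1e (deleted)
7f3b2c500000-7f3b2c520000 r-xp 00000000 fd:01 1234600  /lib64/libc-2.17.so
7f3b2c600000-7f3b2c601000 rw-p 00000000 00:00 0        [heap]
EOF
}

if [ "${1:-}" = "--scan" ]; then
    scan_running_processes          # real check: sh script.sh --scan (as root)
else
    sample=$(mktemp); write_sample_maps "$sample"
    stale_openssl_maps "$sample"    # self-test: prints the two replaced paths
    rm -f "$sample"
fi
```

Run with `--scan` as root after applying the update; any process it reports must be restarted (or the host rebooted) before the fix is in effect for that service.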