Date:         Mon, 13 Apr 2015 14:28:24 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Moderate: openssl on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Moderate: openssl security update
Advisory ID:       SLSA-2015:0800-1
Issue Date:        2015-04-13
CVE Numbers:       CVE-2015-0204
                   CVE-2014-8275
                   CVE-2015-0287
                   CVE-2015-0289
                   CVE-2015-0292
                   CVE-2015-0293
                   CVE-2015-0288
--

It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted
Base64-encoded input (such as a PEM file) could use this flaw to cause the
application to crash. Note: this flaw is not exploitable via the TLS/SSL
protocol because the data being transferred is not Base64-encoded.
(CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An
attacker could use these flaws to modify an X.509 certificate to produce a
certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)

An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause
that application to crash. TLS/SSL clients and servers using OpenSSL were
not affected by this flaw. (CVE-2015-0289)

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.
--

SL5
  x86_64
    openssl-0.9.8e-33.el5_11.i686.rpm
    openssl-0.9.8e-33.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
    openssl-perl-0.9.8e-33.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
    openssl-devel-0.9.8e-33.el5_11.i386.rpm
    openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
  i386
    openssl-0.9.8e-33.el5_11.i386.rpm
    openssl-0.9.8e-33.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
    openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
    openssl-perl-0.9.8e-33.el5_11.i386.rpm
    openssl-devel-0.9.8e-33.el5_11.i386.rpm

- Scientific Linux Development Team