Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

Scientific Linux: 2015-01-21 Moderate: OpenSSL Update SL6 & SL7 i386/x86_64

Scientific Large Esm H446
Moderate: openssl security update
Date: Tue, 20 Jan 2015 09:08:00 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
libgudev1-208-11.el7_0.6.i686.rpm
libgudev1-208-11.el7_0.6.x86_64.rpm
libgudev1-devel-208-11.el7_0.6.i686.rpm
libgudev1-devel-208-11.el7_0.6.x86_64.rpm
sblim-sfcb-1.3.16-12.el7_0.i686.rpm
sblim-sfcb-1.3.16-12.el7_0.x86_64.rpm
subscription-manager-1.10.14-13.sl7.x86_64.rpm
subscription-manager-firstboot-1.10.14-13.sl7.x86_64.rpm
subscription-manager-gui-1.10.14-13.sl7.x86_64.rpm
systemd-208-11.el7_0.6.x86_64.rpm
systemd-devel-208-11.el7_0.6.i686.rpm
systemd-devel-208-11.el7_0.6.x86_64.rpm
systemd-journal-gateway-208-11.el7_0.6.x86_64.rpm
systemd-libs-208-11.el7_0.6.i686.rpm
systemd-libs-208-11.el7_0.6.x86_64.rpm
systemd-python-208-11.el7_0.6.x86_64.rpm
systemd-sysv-208-11.el7_0.6.x86_64.rpm
Date: Wed, 21 Jan 2015 16:47:10 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: openssl on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: openssl security update
Advisory ID: SLSA-2015:0066-1
Issue Date: 2015-01-21
CVE Numbers: CVE-2015-0204
 CVE-2014-3572
 CVE-2014-8275
 CVE-2014-3571
 CVE-2015-0206
 CVE-2015-0205
 CVE-2014-3570
--

A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record() function
of OpenSSL parsed certain DTLS messages. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory
of a DTLS server. (CVE-2015-0206)

It was found that OpenSSL's BigNumber Squaring implementation could
produce incorrect results under certain special conditions. This flaw
could possibly affect certain OpenSSL library functionality, such as RSA
blinding. Note that this issue occurred rarely and with a low probability,
and there is currently no known way of exploiting it. (CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
A malicious server could make a TLS/SSL client using OpenSSL use a weaker
key exchange method than the one requested by the user. (CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An
attacker could use these flaws to modify an X.509 certificate to produce a
certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions,
accept Diffie-Hellman client certificates without the use of a private
key. An attacker could use a user's client certificate to authenticate as
that user, without needing the private key. (CVE-2015-0205)

For the update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or the
system rebooted.
--

SL6
 x86_64
 openssl-1.0.1e-30.el6_6.5.i686.rpm
 openssl-1.0.1e-30.el6_6.5.x86_64.rpm
 openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
 openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
 openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
 openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
 openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
 openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
i386
 openssl-1.0.1e-30.el6_6.5.i686.rpm
 openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
 openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
 openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
 openssl-static-1.0.1e-30.el6_6.5.i686.rpm
SL7
 x86_64
 openssl-1.0.1e-34.el7_0.7.x86_64.rpm
 openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
 openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
 openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
 openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
 openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
 openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
 openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
 openssl-static-1.0.1e-34.el7_0.7.i686.rpm
 openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm

- Scientific Linux Development Team