Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

Scientific Linux: SLSA-2015:0715-1 Moderate: OpenSSL Denial of Service

Scientific Large Esm H446
Moderate: openssl security update
Date: Tue, 17 Mar 2015 09:24:32 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
mlocate-0.22.2-6.el6.i686.rpm
ncurses-5.7-4.20090207.el6.i686.rpm
ncurses-base-5.7-4.20090207.el6.i686.rpm
ncurses-devel-5.7-4.20090207.el6.i686.rpm
ncurses-libs-5.7-4.20090207.el6.i686.rpm
ncurses-static-5.7-4.20090207.el6.i686.rpm
ncurses-term-5.7-4.20090207.el6.i686.rpm
ntp-4.2.6p5-3.el6_6.i686.rpm
ntpdate-4.2.6p5-3.el6_6.i686.rpm
ntp-doc-4.2.6p5-3.el6_6.noarch.rpm
ntp-perl-4.2.6p5-3.el6_6.i686.rpm
ppp-2.4.5-10.el6.i686.rpm
ppp-devel-2.4.5-10.el6.i686.rpm

x86_64:
mlocate-0.22.2-6.el6.x86_64.rpm
ncurses-5.7-4.20090207.el6.x86_64.rpm
ncurses-base-5.7-4.20090207.el6.x86_64.rpm
ncurses-devel-5.7-4.20090207.el6.i686.rpm
ncurses-devel-5.7-4.20090207.el6.x86_64.rpm
ncurses-libs-5.7-4.20090207.el6.i686.rpm
ncurses-libs-5.7-4.20090207.el6.x86_64.rpm
ncurses-static-5.7-4.20090207.el6.x86_64.rpm
ncurses-term-5.7-4.20090207.el6.x86_64.rpm
ntp-4.2.6p5-3.el6_6.x86_64.rpm
ntpdate-4.2.6p5-3.el6_6.x86_64.rpm
ntp-doc-4.2.6p5-3.el6_6.noarch.rpm
ntp-perl-4.2.6p5-3.el6_6.x86_64.rpm
ppp-2.4.5-10.el6.x86_64.rpm
ppp-devel-2.4.5-10.el6.i686.rpm
ppp-devel-2.4.5-10.el6.x86_64.rpm
Date: Tue, 24 Mar 2015 09:09:00 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
ccs-0.16.2-75.el6_6.1.i686.rpm
cronie-1.4.4-14.el6.i686.rpm
cronie-anacron-1.4.4-14.el6.i686.rpm
cronie-noanacron-1.4.4-14.el6.i686.rpm
keepalived-1.2.13-5.el6_6.i686.rpm
libipa_hbac-1.11.6-30.el6_6.4.i686.rpm
libipa_hbac-devel-1.11.6-30.el6_6.4.i686.rpm
libipa_hbac-python-1.11.6-30.el6_6.4.i686.rpm
libsss_idmap-1.11.6-30.el6_6.4.i686.rpm
libsss_idmap-devel-1.11.6-30.el6_6.4.i686.rpm
libsss_nss_idmap-1.11.6-30.el6_6.4.i686.rpm
libsss_nss_idmap-devel-1.11.6-30.el6_6.4.i686.rpm
libsss_nss_idmap-python-1.11.6-30.el6_6.4.i686.rpm
mgetty-1.1.36-9.el6.i686.rpm
mgetty-sendfax-1.1.36-9.el6.i686.rpm
mgetty-viewfax-1.1.36-9.el6.i686.rpm
mgetty-voice-1.1.36-9.el6.i686.rpm
nss-pam-ldapd-0.7.5-20.el6_6.3.i686.rpm
pam_passwdqc-1.0.5-8.el6.i686.rpm
polkit-0.96-11.el6.i686.rpm
polkit-desktop-policy-0.96-11.el6.noarch.rpm
polkit-devel-0.96-11.el6.i686.rpm
polkit-docs-0.96-11.el6.i686.rpm
python-sssdconfig-1.11.6-30.el6_6.4.noarch.rpm
ricci-0.16.2-75.el6_6.1.i686.rpm
sssd-1.11.6-30.el6_6.4.i686.rpm
sssd-ad-1.11.6-30.el6_6.4.i686.rpm
sssd-client-1.11.6-30.el6_6.4.i686.rpm
sssd-common-1.11.6-30.el6_6.4.i686.rpm
sssd-common-pac-1.11.6-30.el6_6.4.i686.rpm
sssd-dbus-1.11.6-30.el6_6.4.i686.rpm
sssd-ipa-1.11.6-30.el6_6.4.i686.rpm
sssd-krb5-1.11.6-30.el6_6.4.i686.rpm
sssd-krb5-common-1.11.6-30.el6_6.4.i686.rpm
sssd-ldap-1.11.6-30.el6_6.4.i686.rpm
sssd-proxy-1.11.6-30.el6_6.4.i686.rpm
sssd-tools-1.11.6-30.el6_6.4.i686.rpm
time-1.7-38.el6.i686.rpm

x86_64:
ccs-0.16.2-75.el6_6.1.x86_64.rpm
cronie-1.4.4-14.el6.x86_64.rpm
cronie-anacron-1.4.4-14.el6.x86_64.rpm
cronie-noanacron-1.4.4-14.el6.x86_64.rpm
keepalived-1.2.13-5.el6_6.x86_64.rpm
libipa_hbac-1.11.6-30.el6_6.4.i686.rpm
libipa_hbac-1.11.6-30.el6_6.4.x86_64.rpm
libipa_hbac-devel-1.11.6-30.el6_6.4.i686.rpm
libipa_hbac-devel-1.11.6-30.el6_6.4.x86_64.rpm
libipa_hbac-python-1.11.6-30.el6_6.4.x86_64.rpm
libsss_idmap-1.11.6-30.el6_6.4.i686.rpm
libsss_idmap-1.11.6-30.el6_6.4.x86_64.rpm
libsss_idmap-devel-1.11.6-30.el6_6.4.i686.rpm
libsss_idmap-devel-1.11.6-30.el6_6.4.x86_64.rpm
libsss_nss_idmap-1.11.6-30.el6_6.4.i686.rpm
libsss_nss_idmap-1.11.6-30.el6_6.4.x86_64.rpm
libsss_nss_idmap-devel-1.11.6-30.el6_6.4.i686.rpm
libsss_nss_idmap-devel-1.11.6-30.el6_6.4.x86_64.rpm
libsss_nss_idmap-python-1.11.6-30.el6_6.4.x86_64.rpm
mgetty-1.1.36-9.el6.x86_64.rpm
mgetty-sendfax-1.1.36-9.el6.x86_64.rpm
mgetty-viewfax-1.1.36-9.el6.x86_64.rpm
mgetty-voice-1.1.36-9.el6.x86_64.rpm
nss-pam-ldapd-0.7.5-20.el6_6.3.i686.rpm
nss-pam-ldapd-0.7.5-20.el6_6.3.x86_64.rpm
pam_passwdqc-1.0.5-8.el6.i686.rpm
pam_passwdqc-1.0.5-8.el6.x86_64.rpm
polkit-0.96-11.el6.i686.rpm
polkit-0.96-11.el6.x86_64.rpm
polkit-desktop-policy-0.96-11.el6.noarch.rpm
polkit-devel-0.96-11.el6.i686.rpm
polkit-devel-0.96-11.el6.x86_64.rpm
polkit-docs-0.96-11.el6.x86_64.rpm
python-sssdconfig-1.11.6-30.el6_6.4.noarch.rpm
ricci-0.16.2-75.el6_6.1.x86_64.rpm
sssd-1.11.6-30.el6_6.4.x86_64.rpm
sssd-ad-1.11.6-30.el6_6.4.x86_64.rpm
sssd-client-1.11.6-30.el6_6.4.i686.rpm
sssd-client-1.11.6-30.el6_6.4.x86_64.rpm
sssd-common-1.11.6-30.el6_6.4.x86_64.rpm
sssd-common-pac-1.11.6-30.el6_6.4.x86_64.rpm
sssd-dbus-1.11.6-30.el6_6.4.x86_64.rpm
sssd-ipa-1.11.6-30.el6_6.4.x86_64.rpm
sssd-krb5-1.11.6-30.el6_6.4.x86_64.rpm
sssd-krb5-common-1.11.6-30.el6_6.4.x86_64.rpm
sssd-ldap-1.11.6-30.el6_6.4.x86_64.rpm
sssd-proxy-1.11.6-30.el6_6.4.x86_64.rpm
sssd-tools-1.11.6-30.el6_6.4.x86_64.rpm
time-1.7-38.el6.x86_64.rpm
Date: Tue, 24 Mar 2015 09:12:04 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
mailman-2.1.9-8.el5_11.i386.rpm

x86_64:
mailman-2.1.9-8.el5_11.x86_64.rpm
Date: Wed, 25 Mar 2015 15:15:21 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: openssl on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: openssl security update
Advisory ID: SLSA-2015:0715-1
Issue Date: 2015-03-24
CVE Numbers: CVE-2015-0209
 CVE-2015-0286
 CVE-2015-0287
 CVE-2015-0289
 CVE-2015-0292
 CVE-2015-0293
 CVE-2015-0288
--

An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()
function. A remote attacker could crash a TLS/SSL client or server using
OpenSSL via a specially crafted X.509 certificate when the attacker-
supplied certificate was verified by the application. (CVE-2015-0286)

An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted
Base64-encoded input (such as a PEM file) could use this flaw to cause the
application to crash. Note: this flaw is not exploitable via the TLS/SSL
protocol because the data being transferred is not Base64-encoded.
(CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A use-after-free flaw was found in the way OpenSSL imported malformed
Elliptic Curve private keys. A specially crafted key file could cause an
application using OpenSSL to crash when imported. (CVE-2015-0209)

An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause
that application to crash. TLS/SSL clients and servers using OpenSSL were
not affected by this flaw. (CVE-2015-0289)

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.
--

SL6
 x86_64
 openssl-1.0.1e-30.el6_6.7.i686.rpm
 openssl-1.0.1e-30.el6_6.7.x86_64.rpm
 openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
 openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
 openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
 openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
 openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm
 openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
 i386
 openssl-1.0.1e-30.el6_6.7.i686.rpm
 openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
 openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
 openssl-perl-1.0.1e-30.el6_6.7.i686.rpm
 openssl-static-1.0.1e-30.el6_6.7.i686.rpm

- Scientific Linux Development Team