Red Hat 9042 Published by

OpenSSL security updates are available for Red Hat Enterprise Linux 2.1, 3, and 4.

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2005:476-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-476.html
Issue date: 2005-06-01
Updated on: 2005-06-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0975 CAN-2005-0109
----------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that fix security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64



3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Colin Percival reported a cache timing attack that could allow a malicious local user to gain portions of cryptographic keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-0109 to the issue. The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private-key operations. This patch is designed to mitigate cache timing and potentially related attacks.

A flaw was found in the way the der_chop script creates temporary files. It is possible that a malicious local user could cause der_chop to overwrite files (CAN-2004-0975). The der_chop script was deprecated and has been removed from these updated packages. Red Hat Enterprise Linux 4 did not ship der_chop and is therefore not vulnerable to this issue.

Users are advised to update to these erratum packages which contain patches to correct these issues.

Please note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

136302 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
140061 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
157631 - CAN-2005-0109 timing attack on OpenSSL with HT


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-39.src.rpm
2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-25.src.rpm
102f28d06aea7cf3bb34a56cd5da0090 openssl095a-0.9.5a-25.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-25.8.src.rpm
8bafb6187e44ed15d98bd74c0b5cad84 openssl096-0.9.6-25.8.src.rpm

i386:
c79dea648676c22fb5a009e1f39e5ea3 openssl-0.9.6b-39.i386.rpm
56186ba8a320a509946b9d692f55f3cd openssl-0.9.6b-39.i686.rpm
381085275ca47b015e00cb6d8623ecc5 openssl-devel-0.9.6b-39.i386.rpm
f91c8281f03b68b7b5ebdfb487890405 openssl-perl-0.9.6b-39.i386.rpm
653b775edf3a0a9349f6fb35027c6143 openssl095a-0.9.5a-25.i386.rpm
10964869b19af694a5d0514cb36fa205 openssl096-0.9.6-25.8.i386.rpm

ia64:
f3cb5aa3d4e294ae79fd2330011b5f08 openssl-0.9.6b-39.ia64.rpm
2b9344fb71bb4dee0685dd14e07f9274 openssl-devel-0.9.6b-39.ia64.rpm
7167fd4a10d412dcb565f58debb67ac4 openssl-perl-0.9.6b-39.ia64.rpm
935dbc0ded3197d15a7fa5f0dfe373e4 openssl095a-0.9.5a-25.ia64.rpm
7bf31fe46f5eaccb2388b2cda4253cb9 openssl096-0.9.6-25.8.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-39.src.rpm
2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-25.src.rpm
102f28d06aea7cf3bb34a56cd5da0090 openssl095a-0.9.5a-25.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-25.8.src.rpm
8bafb6187e44ed15d98bd74c0b5cad84 openssl096-0.9.6-25.8.src.rpm

ia64:
f3cb5aa3d4e294ae79fd2330011b5f08 openssl-0.9.6b-39.ia64.rpm
2b9344fb71bb4dee0685dd14e07f9274 openssl-devel-0.9.6b-39.ia64.rpm
7167fd4a10d412dcb565f58debb67ac4 openssl-perl-0.9.6b-39.ia64.rpm
935dbc0ded3197d15a7fa5f0dfe373e4 openssl095a-0.9.5a-25.ia64.rpm
7bf31fe46f5eaccb2388b2cda4253cb9 openssl096-0.9.6-25.8.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-39.src.rpm
2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm

i386:
c79dea648676c22fb5a009e1f39e5ea3 openssl-0.9.6b-39.i386.rpm
56186ba8a320a509946b9d692f55f3cd openssl-0.9.6b-39.i686.rpm
381085275ca47b015e00cb6d8623ecc5 openssl-devel-0.9.6b-39.i386.rpm
f91c8281f03b68b7b5ebdfb487890405 openssl-perl-0.9.6b-39.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-39.src.rpm
2202dc14a7399f6ff8fcd41fc94e8dca openssl-0.9.6b-39.src.rpm

i386:
c79dea648676c22fb5a009e1f39e5ea3 openssl-0.9.6b-39.i386.rpm
56186ba8a320a509946b9d692f55f3cd openssl-0.9.6b-39.i686.rpm
381085275ca47b015e00cb6d8623ecc5 openssl-devel-0.9.6b-39.i386.rpm
f91c8281f03b68b7b5ebdfb487890405 openssl-perl-0.9.6b-39.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm
46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm

ia64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
ec72eec3236de964420dc9e38ae8d71a openssl-0.9.7a-33.15.ia64.rpm
b266014efab5aa58e0fd83b0959d54df openssl-devel-0.9.7a-33.15.ia64.rpm
459eeb342e024e624d6268ed4e9eec9d openssl-perl-0.9.7a-33.15.ia64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
94b2856c1e42167fca7391daec2a8227 openssl096b-0.9.6b-16.22.3.ia64.rpm

ppc:
44e5f6bf71e3981f7844e85b29d530df openssl-0.9.7a-33.15.ppc.rpm
ecdfa92368a84e089d900f0a629a1170 openssl-0.9.7a-33.15.ppc64.rpm
2ca81b2af2ba7375c77b1170df585520 openssl-devel-0.9.7a-33.15.ppc.rpm
7c6ab2cf3daff6a488b064366026b2ef openssl-perl-0.9.7a-33.15.ppc.rpm
162f4749b30290556231124094cd2bad openssl096b-0.9.6b-16.22.3.ppc.rpm

s390:
cea7e0a81d9c7e905c44a66ef0aac7bc openssl-0.9.7a-33.15.s390.rpm
51266bee2ab9d83a40da1ff623b3637c openssl-devel-0.9.7a-33.15.s390.rpm
3d4c371a3424bcfeff87341706eed0cc openssl-perl-0.9.7a-33.15.s390.rpm
f1e853444cd2e99374ca8a70a552437d openssl096b-0.9.6b-16.22.3.s390.rpm

s390x:
cea7e0a81d9c7e905c44a66ef0aac7bc openssl-0.9.7a-33.15.s390.rpm
63bc66c55d18699ad8acfbf1730d02be openssl-0.9.7a-33.15.s390x.rpm
43ee653eba3bcd8281231a3124e1d635 openssl-devel-0.9.7a-33.15.s390x.rpm
c422bb5d666389ef0cf101ff327f304e openssl-perl-0.9.7a-33.15.s390x.rpm
f1e853444cd2e99374ca8a70a552437d openssl096b-0.9.6b-16.22.3.s390.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm
46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm
46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm

ia64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
ec72eec3236de964420dc9e38ae8d71a openssl-0.9.7a-33.15.ia64.rpm
b266014efab5aa58e0fd83b0959d54df openssl-devel-0.9.7a-33.15.ia64.rpm
459eeb342e024e624d6268ed4e9eec9d openssl-perl-0.9.7a-33.15.ia64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
94b2856c1e42167fca7391daec2a8227 openssl096b-0.9.6b-16.22.3.ia64.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
fecbb9965efea588bcfc4ccbd72768fd openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm
46629205793cb96e5cc327b8b179051f openssl096b-0.9.6b-16.22.3.src.rpm

i386:
2b9f1aa02444b77b229d5879b1726a86 openssl-0.9.7a-33.15.i386.rpm
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
6208a674e905b110d72973e0adaf6cf3 openssl-devel-0.9.7a-33.15.i386.rpm
3ad6a8e8713e716a6229e95a43b890a1 openssl-perl-0.9.7a-33.15.i386.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm

ia64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
ec72eec3236de964420dc9e38ae8d71a openssl-0.9.7a-33.15.ia64.rpm
b266014efab5aa58e0fd83b0959d54df openssl-devel-0.9.7a-33.15.ia64.rpm
459eeb342e024e624d6268ed4e9eec9d openssl-perl-0.9.7a-33.15.ia64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
94b2856c1e42167fca7391daec2a8227 openssl096b-0.9.6b-16.22.3.ia64.rpm

x86_64:
885db73998e10cb54b063e1a70accbb4 openssl-0.9.7a-33.15.i686.rpm
14aa11421e2f27ebe03b961ddc067a89 openssl-0.9.7a-33.15.x86_64.rpm
69146c5d0a1e0b1b42a1446ad5f28d65 openssl-devel-0.9.7a-33.15.x86_64.rpm
9643ce541a386847bf188db74e0ce92e openssl-perl-0.9.7a-33.15.x86_64.rpm
597de32a07318098040a8a7b307b426c openssl096b-0.9.6b-16.22.3.i386.rpm
497fcbbdf8d777529bbb0f0b9967d179 openssl096b-0.9.6b-16.22.3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm
d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm

ia64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
2982807a86a9014fc24244313fa94eab openssl-0.9.7a-43.2.ia64.rpm
70bd62608e952f884fd5a28d19bd96a7 openssl-devel-0.9.7a-43.2.ia64.rpm
c7a9c09ff8873c7a64186f928b14baad openssl-perl-0.9.7a-43.2.ia64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
9dd474ab5fd73f0a83a9b0d1953f5794 openssl096b-0.9.6b-22.3.ia64.rpm

ppc:
c8c471cb2bd9b2792b34d2af3892bd4c openssl-0.9.7a-43.2.ppc.rpm
a08ad5a5c884cd358de86f47da1825b0 openssl-0.9.7a-43.2.ppc64.rpm
146d7e707e729f2d7df6554623e311b4 openssl-devel-0.9.7a-43.2.ppc.rpm
9da94be3f0733cf0937ec83a74ddefaf openssl-perl-0.9.7a-43.2.ppc.rpm
3b95181c557862605da524b478f95895 openssl096b-0.9.6b-22.3.ppc.rpm

s390:
88f84e9a7d2ec9d52e1bf61ca46efbe2 openssl-0.9.7a-43.2.s390.rpm
6abebec07c747455150652f0657386d4 openssl-devel-0.9.7a-43.2.s390.rpm
410612c59b990ee7031654a4bc3d5be2 openssl-perl-0.9.7a-43.2.s390.rpm
7c1d10a24e9f4a3443ade30b09560f44 openssl096b-0.9.6b-22.3.s390.rpm

s390x:
88f84e9a7d2ec9d52e1bf61ca46efbe2 openssl-0.9.7a-43.2.s390.rpm
7112d8f2afc723f566f92685338daa0e openssl-0.9.7a-43.2.s390x.rpm
fd8089721740fced840cb16c1e13aa9a openssl-devel-0.9.7a-43.2.s390x.rpm
967c2c22cfc0549e768fb24760a83561 openssl-perl-0.9.7a-43.2.s390x.rpm
7c1d10a24e9f4a3443ade30b09560f44 openssl096b-0.9.6b-22.3.s390.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm
d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm
d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm

ia64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
2982807a86a9014fc24244313fa94eab openssl-0.9.7a-43.2.ia64.rpm
70bd62608e952f884fd5a28d19bd96a7 openssl-devel-0.9.7a-43.2.ia64.rpm
c7a9c09ff8873c7a64186f928b14baad openssl-perl-0.9.7a-43.2.ia64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
9dd474ab5fd73f0a83a9b0d1953f5794 openssl096b-0.9.6b-22.3.ia64.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
632bcfec21c365a0b85a9ede55eb5cf1 openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm
d4d515e7811eb994384a7591fdba9e7f openssl096b-0.9.6b-22.3.src.rpm

i386:
487ce4c45ebf66926274b1253a848cd4 openssl-0.9.7a-43.2.i386.rpm
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
8978b9729c1a20fd03e983114b130dd0 openssl-devel-0.9.7a-43.2.i386.rpm
3ca9137b86397258d518bdc259ac4b78 openssl-perl-0.9.7a-43.2.i386.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm

ia64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
2982807a86a9014fc24244313fa94eab openssl-0.9.7a-43.2.ia64.rpm
70bd62608e952f884fd5a28d19bd96a7 openssl-devel-0.9.7a-43.2.ia64.rpm
c7a9c09ff8873c7a64186f928b14baad openssl-perl-0.9.7a-43.2.ia64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
9dd474ab5fd73f0a83a9b0d1953f5794 openssl096b-0.9.6b-22.3.ia64.rpm

x86_64:
984d989808f91d1cc99643aebc3feddd openssl-0.9.7a-43.2.i686.rpm
a08f4a829f55b9410d392c660139a087 openssl-0.9.7a-43.2.x86_64.rpm
d788d0abc3990f22ee2a879f64c0f79f openssl-devel-0.9.7a-43.2.x86_64.rpm
272c1d08b3f644e66165bd2aeb39798a openssl-perl-0.9.7a-43.2.x86_64.rpm
b6b2e4312f617df65e64c3ef900808eb openssl096b-0.9.6b-22.3.i386.rpm
8200d3810815f04044a4660c6cd326f6 openssl096b-0.9.6b-22.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.