Red Hat 9041 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2006:0695-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0695.html
Issue date: 2006-09-28
Updated on: 2006-09-28
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-2937 CVE-2006-2940 CVE-2006-3738
CVE-2006-4343
- ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages are now available to correct several security issues.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer (CVE-2006-3738). Few applications make use
of this vulnerable function and generally it is used only when applications
are compiled for debugging.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
flaw in the SSLv2 client code. When a client application used OpenSSL to
create an SSLv2 connection to a malicious server, that server could cause
the client to crash. (CVE-2006-4343)

Dr S. N. Henson of the OpenSSL core team and Open Network Security recently
developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered
denial of service vulnerabilities:

* Certain public key types can take disproportionate amounts of time to
process, leading to a denial of service. (CVE-2006-2940)

* During parsing of certain invalid ASN.1 structures an error condition was
mishandled. This can result in an infinite loop which consumed system
memory (CVE-2006-2937). This issue does not affect the OpenSSL version
distributed in Red Hat Enterprise Linux 2.1.

These vulnerabilities can affect applications which use OpenSSL to parse
ASN.1 data from untrusted sources, including SSL servers which enable
client authentication and S/MIME applications.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

206940 - CVE-2006-3738 OpenSSL issues (CVE-2006-4343)
207274 - CVE-2006-2940 OpenSSL Parasitic Public Keys
207276 - CVE-2006-2937 OpenSSL ASN1 DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-46.src.rpm
8dec955be0bcdb6aae9bc0fc6c832eca openssl-0.9.6b-46.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-32.src.rpm
31991401d1065d4934f00a7cb0b35b30 openssl095a-0.9.5a-32.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-32.src.rpm
f2854e9ff45b62b93e8f9cb1b59a05c1 openssl096-0.9.6-32.src.rpm

i386:
c28b3f1b264ab2ea1986cf2c0f211437 openssl-0.9.6b-46.i386.rpm
fca94acfb677dc9155716d7a779f7ede openssl-0.9.6b-46.i686.rpm
b2edb35842b91ed24dbee0a739993129 openssl-devel-0.9.6b-46.i386.rpm
b502425dd73fdc854d1bbe6f29f65bd8 openssl-perl-0.9.6b-46.i386.rpm
a0212f46e2e06dc8557154fd444b8277 openssl095a-0.9.5a-32.i386.rpm
b64b17ba8f32468723a569d36642defc openssl096-0.9.6-32.i386.rpm

ia64:
910ab86216c49bfd0091f10f77da729c openssl-0.9.6b-46.ia64.rpm
7f9f4c612988c83a7a42849eee5cd8cd openssl-devel-0.9.6b-46.ia64.rpm
6741a6cad4ee2bd6971ec6c2ae4744af openssl-perl-0.9.6b-46.ia64.rpm
23953bd1c31641930574c3e72256f026 openssl095a-0.9.5a-32.ia64.rpm
1a1277a9803202b82258d8e0194bd559 openssl096-0.9.6-32.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-46.src.rpm
8dec955be0bcdb6aae9bc0fc6c832eca openssl-0.9.6b-46.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-32.src.rpm
31991401d1065d4934f00a7cb0b35b30 openssl095a-0.9.5a-32.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-32.src.rpm
f2854e9ff45b62b93e8f9cb1b59a05c1 openssl096-0.9.6-32.src.rpm

ia64:
910ab86216c49bfd0091f10f77da729c openssl-0.9.6b-46.ia64.rpm
7f9f4c612988c83a7a42849eee5cd8cd openssl-devel-0.9.6b-46.ia64.rpm
6741a6cad4ee2bd6971ec6c2ae4744af openssl-perl-0.9.6b-46.ia64.rpm
23953bd1c31641930574c3e72256f026 openssl095a-0.9.5a-32.ia64.rpm
1a1277a9803202b82258d8e0194bd559 openssl096-0.9.6-32.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-46.src.rpm
8dec955be0bcdb6aae9bc0fc6c832eca openssl-0.9.6b-46.src.rpm

i386:
c28b3f1b264ab2ea1986cf2c0f211437 openssl-0.9.6b-46.i386.rpm
fca94acfb677dc9155716d7a779f7ede openssl-0.9.6b-46.i686.rpm
b2edb35842b91ed24dbee0a739993129 openssl-devel-0.9.6b-46.i386.rpm
b502425dd73fdc854d1bbe6f29f65bd8 openssl-perl-0.9.6b-46.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-46.src.rpm
8dec955be0bcdb6aae9bc0fc6c832eca openssl-0.9.6b-46.src.rpm

i386:
c28b3f1b264ab2ea1986cf2c0f211437 openssl-0.9.6b-46.i386.rpm
fca94acfb677dc9155716d7a779f7ede openssl-0.9.6b-46.i686.rpm
b2edb35842b91ed24dbee0a739993129 openssl-devel-0.9.6b-46.i386.rpm
b502425dd73fdc854d1bbe6f29f65bd8 openssl-perl-0.9.6b-46.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.21.src.rpm
a973479e3a45ab875fbc961df839de8e openssl-0.9.7a-33.21.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.46.src.rpm
13f3a51b79f3937206cc6a6a8aa6391d openssl096b-0.9.6b-16.46.src.rpm

i386:
827852982785bfa3d5df09de6ff75091 openssl-0.9.7a-33.21.i386.rpm
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
e8548f583303a6f33616ab05230ec0f2 openssl-debuginfo-0.9.7a-33.21.i386.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
a87c753f7e6405ae8fa0aaebc68385c0 openssl-devel-0.9.7a-33.21.i386.rpm
31945ca92c89ac970ae6dfb771b62f90 openssl-perl-0.9.7a-33.21.i386.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm

ia64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
5651e3de97f42cd855a931b6a80f2de9 openssl-0.9.7a-33.21.ia64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
19fa9f7790fcf99a3fd031a2ada6bbd9 openssl-debuginfo-0.9.7a-33.21.ia64.rpm
57708528d814ff3c8b258d4a80528436 openssl-devel-0.9.7a-33.21.ia64.rpm
7d5ed68eb555dc1bcbc4fbabcc5b73ad openssl-perl-0.9.7a-33.21.ia64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
71fc44bb49b0d92913663c8cb876e669 openssl096b-0.9.6b-16.46.ia64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
22df5b0e3a9bdc8e733d37ec5ce7e174 openssl096b-debuginfo-0.9.6b-16.46.ia64.rpm

ppc:
23dd92775b7dff6f9af187e70189a441 openssl-0.9.7a-33.21.ppc.rpm
fdd82d793ffa19d4b2cb24436715b6ef openssl-0.9.7a-33.21.ppc64.rpm
646c09be6961463a5dd1c73c396addac openssl-debuginfo-0.9.7a-33.21.ppc.rpm
c34b6862bc1ddca063e8983ed66cd9b3 openssl-debuginfo-0.9.7a-33.21.ppc64.rpm
cf07c421339a5cbc7b83b445dc83cbb3 openssl-devel-0.9.7a-33.21.ppc.rpm
4b64038e9b9e1a21125ed5fe96936f3a openssl-perl-0.9.7a-33.21.ppc.rpm
251d55b641566819d7a622c3df7adae2 openssl096b-0.9.6b-16.46.ppc.rpm
2c25be65c057819ecfc49c2c8358839f openssl096b-debuginfo-0.9.6b-16.46.ppc.rpm

s390:
4537fa728fbd6535bf9ebfc1dfae9db4 openssl-0.9.7a-33.21.s390.rpm
4ebd21d1b7be9ba245d3e0370f670c81 openssl-debuginfo-0.9.7a-33.21.s390.rpm
0ca48923672d80934b89dd4f23f19477 openssl-devel-0.9.7a-33.21.s390.rpm
586f5db21d131f1124b6c9a86a06392f openssl-perl-0.9.7a-33.21.s390.rpm
ba87b58750856cc18d5de41573455ad6 openssl096b-0.9.6b-16.46.s390.rpm
3e9db2b43a0bb3e580fbfd02efbf15db openssl096b-debuginfo-0.9.6b-16.46.s390.rpm

s390x:
4537fa728fbd6535bf9ebfc1dfae9db4 openssl-0.9.7a-33.21.s390.rpm
287730c6542c5f6f75f21175bc35663a openssl-0.9.7a-33.21.s390x.rpm
4ebd21d1b7be9ba245d3e0370f670c81 openssl-debuginfo-0.9.7a-33.21.s390.rpm
2fbb8d077dc825d6db60336d372018fb openssl-debuginfo-0.9.7a-33.21.s390x.rpm
03d78bb245573ca4dee34deeb38147de openssl-devel-0.9.7a-33.21.s390x.rpm
3e74b96f4ede173e0c9ec76d39991759 openssl-perl-0.9.7a-33.21.s390x.rpm
ba87b58750856cc18d5de41573455ad6 openssl096b-0.9.6b-16.46.s390.rpm
3e9db2b43a0bb3e580fbfd02efbf15db openssl096b-debuginfo-0.9.6b-16.46.s390.rpm

x86_64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
828ad64a16daf904ee6f670d2ace71cb openssl-0.9.7a-33.21.x86_64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
1472d0f38a85d7f53eccf8140cbefeea openssl-debuginfo-0.9.7a-33.21.x86_64.rpm
3af1217ec416c8960d4be2201592553f openssl-devel-0.9.7a-33.21.x86_64.rpm
ebe87dda7ab2d3c45e955810b09961b7 openssl-perl-0.9.7a-33.21.x86_64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
caea4604b3d35b9829093d2221ebd828 openssl096b-0.9.6b-16.46.x86_64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
945552740fbe1c6b1dbca55c13b87340 openssl096b-debuginfo-0.9.6b-16.46.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.21.src.rpm
a973479e3a45ab875fbc961df839de8e openssl-0.9.7a-33.21.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.46.src.rpm
13f3a51b79f3937206cc6a6a8aa6391d openssl096b-0.9.6b-16.46.src.rpm

i386:
827852982785bfa3d5df09de6ff75091 openssl-0.9.7a-33.21.i386.rpm
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
e8548f583303a6f33616ab05230ec0f2 openssl-debuginfo-0.9.7a-33.21.i386.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
a87c753f7e6405ae8fa0aaebc68385c0 openssl-devel-0.9.7a-33.21.i386.rpm
31945ca92c89ac970ae6dfb771b62f90 openssl-perl-0.9.7a-33.21.i386.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm

x86_64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
828ad64a16daf904ee6f670d2ace71cb openssl-0.9.7a-33.21.x86_64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
1472d0f38a85d7f53eccf8140cbefeea openssl-debuginfo-0.9.7a-33.21.x86_64.rpm
3af1217ec416c8960d4be2201592553f openssl-devel-0.9.7a-33.21.x86_64.rpm
ebe87dda7ab2d3c45e955810b09961b7 openssl-perl-0.9.7a-33.21.x86_64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
caea4604b3d35b9829093d2221ebd828 openssl096b-0.9.6b-16.46.x86_64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
945552740fbe1c6b1dbca55c13b87340 openssl096b-debuginfo-0.9.6b-16.46.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.21.src.rpm
a973479e3a45ab875fbc961df839de8e openssl-0.9.7a-33.21.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.46.src.rpm
13f3a51b79f3937206cc6a6a8aa6391d openssl096b-0.9.6b-16.46.src.rpm

i386:
827852982785bfa3d5df09de6ff75091 openssl-0.9.7a-33.21.i386.rpm
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
e8548f583303a6f33616ab05230ec0f2 openssl-debuginfo-0.9.7a-33.21.i386.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
a87c753f7e6405ae8fa0aaebc68385c0 openssl-devel-0.9.7a-33.21.i386.rpm
31945ca92c89ac970ae6dfb771b62f90 openssl-perl-0.9.7a-33.21.i386.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm

ia64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
5651e3de97f42cd855a931b6a80f2de9 openssl-0.9.7a-33.21.ia64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
19fa9f7790fcf99a3fd031a2ada6bbd9 openssl-debuginfo-0.9.7a-33.21.ia64.rpm
57708528d814ff3c8b258d4a80528436 openssl-devel-0.9.7a-33.21.ia64.rpm
7d5ed68eb555dc1bcbc4fbabcc5b73ad openssl-perl-0.9.7a-33.21.ia64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
71fc44bb49b0d92913663c8cb876e669 openssl096b-0.9.6b-16.46.ia64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
22df5b0e3a9bdc8e733d37ec5ce7e174 openssl096b-debuginfo-0.9.6b-16.46.ia64.rpm

x86_64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
828ad64a16daf904ee6f670d2ace71cb openssl-0.9.7a-33.21.x86_64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
1472d0f38a85d7f53eccf8140cbefeea openssl-debuginfo-0.9.7a-33.21.x86_64.rpm
3af1217ec416c8960d4be2201592553f openssl-devel-0.9.7a-33.21.x86_64.rpm
ebe87dda7ab2d3c45e955810b09961b7 openssl-perl-0.9.7a-33.21.x86_64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
caea4604b3d35b9829093d2221ebd828 openssl096b-0.9.6b-16.46.x86_64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
945552740fbe1c6b1dbca55c13b87340 openssl096b-debuginfo-0.9.6b-16.46.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.21.src.rpm
a973479e3a45ab875fbc961df839de8e openssl-0.9.7a-33.21.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.46.src.rpm
13f3a51b79f3937206cc6a6a8aa6391d openssl096b-0.9.6b-16.46.src.rpm

i386:
827852982785bfa3d5df09de6ff75091 openssl-0.9.7a-33.21.i386.rpm
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
e8548f583303a6f33616ab05230ec0f2 openssl-debuginfo-0.9.7a-33.21.i386.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
a87c753f7e6405ae8fa0aaebc68385c0 openssl-devel-0.9.7a-33.21.i386.rpm
31945ca92c89ac970ae6dfb771b62f90 openssl-perl-0.9.7a-33.21.i386.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm

ia64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
5651e3de97f42cd855a931b6a80f2de9 openssl-0.9.7a-33.21.ia64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
19fa9f7790fcf99a3fd031a2ada6bbd9 openssl-debuginfo-0.9.7a-33.21.ia64.rpm
57708528d814ff3c8b258d4a80528436 openssl-devel-0.9.7a-33.21.ia64.rpm
7d5ed68eb555dc1bcbc4fbabcc5b73ad openssl-perl-0.9.7a-33.21.ia64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
71fc44bb49b0d92913663c8cb876e669 openssl096b-0.9.6b-16.46.ia64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
22df5b0e3a9bdc8e733d37ec5ce7e174 openssl096b-debuginfo-0.9.6b-16.46.ia64.rpm

x86_64:
0ddbef7542c03a39e5b783befa49faf9 openssl-0.9.7a-33.21.i686.rpm
828ad64a16daf904ee6f670d2ace71cb openssl-0.9.7a-33.21.x86_64.rpm
fbe2ef66dcf1465978d4cb0c3271a850 openssl-debuginfo-0.9.7a-33.21.i686.rpm
1472d0f38a85d7f53eccf8140cbefeea openssl-debuginfo-0.9.7a-33.21.x86_64.rpm
3af1217ec416c8960d4be2201592553f openssl-devel-0.9.7a-33.21.x86_64.rpm
ebe87dda7ab2d3c45e955810b09961b7 openssl-perl-0.9.7a-33.21.x86_64.rpm
471caa16df4173c4e25942bced25dcac openssl096b-0.9.6b-16.46.i386.rpm
caea4604b3d35b9829093d2221ebd828 openssl096b-0.9.6b-16.46.x86_64.rpm
ef14285589ed68829f3c871fb46a8ab2 openssl096b-debuginfo-0.9.6b-16.46.i386.rpm
945552740fbe1c6b1dbca55c13b87340 openssl096b-debuginfo-0.9.6b-16.46.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.14.src.rpm
d833a111c7c142e838e21b46c2d3d3ca openssl-0.9.7a-43.14.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.46.src.rpm
2294eea329ff59ad7e7b04331c46e485 openssl096b-0.9.6b-22.46.src.rpm

i386:
064f523a3b6f886949031d85902a74e0 openssl-0.9.7a-43.14.i386.rpm
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
0dac0adc8a723aa926cd932268bde04f openssl-debuginfo-0.9.7a-43.14.i386.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
7591b0a079addeaed3ca622c61b170d2 openssl-devel-0.9.7a-43.14.i386.rpm
e4b978822f9e39a4b1095690f2de6ab3 openssl-perl-0.9.7a-43.14.i386.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm

ia64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
73e0d1fb22c73ed95e47257a6da1b129 openssl-0.9.7a-43.14.ia64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
619771b33a1c3e6976889e68a185151e openssl-debuginfo-0.9.7a-43.14.ia64.rpm
b0b3d7b2d3772a89f428c868a62da176 openssl-devel-0.9.7a-43.14.ia64.rpm
5dde996b5bac48158eb076686aeab2c4 openssl-perl-0.9.7a-43.14.ia64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
617658bda3b36c2b62810f8fad8bf5ad openssl096b-0.9.6b-22.46.ia64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
d7c661fe81fa6f6399d56dbeae00d472 openssl096b-debuginfo-0.9.6b-22.46.ia64.rpm

ppc:
3cf9896ac1e976947a0a3112dc99a22c openssl-0.9.7a-43.14.ppc.rpm
67279d21b053d35fe41ba527de3bd00a openssl-0.9.7a-43.14.ppc64.rpm
e429b5da40d4754f3a1a3cfb308aada7 openssl-debuginfo-0.9.7a-43.14.ppc.rpm
498dc98df0ef7429e3f14281be63511c openssl-debuginfo-0.9.7a-43.14.ppc64.rpm
339baf396db81a6d86eb73cdd5a10695 openssl-devel-0.9.7a-43.14.ppc.rpm
fdb5013a4955aea544c7117e0af9644c openssl-perl-0.9.7a-43.14.ppc.rpm
a1efe172641a72e4511f378440e3c634 openssl096b-0.9.6b-22.46.ppc.rpm
33e8777bd1578e542fe003aff01ece81 openssl096b-debuginfo-0.9.6b-22.46.ppc.rpm

s390:
f19acccd901c289a66ca894f0830dcd0 openssl-0.9.7a-43.14.s390.rpm
7710ad84a6590b29435b22ed8c4d179a openssl-debuginfo-0.9.7a-43.14.s390.rpm
79dbb4ef618a8aec8878f8ef5bf8cb47 openssl-devel-0.9.7a-43.14.s390.rpm
4b390d89960d1a19a25f42f5d7af77fa openssl-perl-0.9.7a-43.14.s390.rpm
6ad760a809f7f821b62433a8c7afb13a openssl096b-0.9.6b-22.46.s390.rpm
e46cc5bb3f7c9e45203135adca5a0469 openssl096b-debuginfo-0.9.6b-22.46.s390.rpm

s390x:
f19acccd901c289a66ca894f0830dcd0 openssl-0.9.7a-43.14.s390.rpm
f97c0a205796a8db148638282a582bbf openssl-0.9.7a-43.14.s390x.rpm
7710ad84a6590b29435b22ed8c4d179a openssl-debuginfo-0.9.7a-43.14.s390.rpm
56467884c4ba2e27fe5683374ae680a8 openssl-debuginfo-0.9.7a-43.14.s390x.rpm
0fdb4a82e29561809e89553b6006d981 openssl-devel-0.9.7a-43.14.s390x.rpm
04b452e3a8516723b12b41d3e047a07f openssl-perl-0.9.7a-43.14.s390x.rpm
6ad760a809f7f821b62433a8c7afb13a openssl096b-0.9.6b-22.46.s390.rpm
e46cc5bb3f7c9e45203135adca5a0469 openssl096b-debuginfo-0.9.6b-22.46.s390.rpm

x86_64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
f0985b8088804e3bd7309b1ca2ca1d21 openssl-0.9.7a-43.14.x86_64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
9183de3c43f771befacfaa209b0bc729 openssl-debuginfo-0.9.7a-43.14.x86_64.rpm
9a489c77daf969a867f3f18bee4bb6aa openssl-devel-0.9.7a-43.14.x86_64.rpm
d16bd233156bf495de3854d2d915c5c3 openssl-perl-0.9.7a-43.14.x86_64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
48478bec0a72ec719a31f60ddb376dad openssl096b-0.9.6b-22.46.x86_64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
1bb29a26566a95cb8b8c3652b9e74c53 openssl096b-debuginfo-0.9.6b-22.46.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.14.src.rpm
d833a111c7c142e838e21b46c2d3d3ca openssl-0.9.7a-43.14.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.46.src.rpm
2294eea329ff59ad7e7b04331c46e485 openssl096b-0.9.6b-22.46.src.rpm

i386:
064f523a3b6f886949031d85902a74e0 openssl-0.9.7a-43.14.i386.rpm
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
0dac0adc8a723aa926cd932268bde04f openssl-debuginfo-0.9.7a-43.14.i386.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
7591b0a079addeaed3ca622c61b170d2 openssl-devel-0.9.7a-43.14.i386.rpm
e4b978822f9e39a4b1095690f2de6ab3 openssl-perl-0.9.7a-43.14.i386.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm

x86_64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
f0985b8088804e3bd7309b1ca2ca1d21 openssl-0.9.7a-43.14.x86_64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
9183de3c43f771befacfaa209b0bc729 openssl-debuginfo-0.9.7a-43.14.x86_64.rpm
9a489c77daf969a867f3f18bee4bb6aa openssl-devel-0.9.7a-43.14.x86_64.rpm
d16bd233156bf495de3854d2d915c5c3 openssl-perl-0.9.7a-43.14.x86_64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
48478bec0a72ec719a31f60ddb376dad openssl096b-0.9.6b-22.46.x86_64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
1bb29a26566a95cb8b8c3652b9e74c53 openssl096b-debuginfo-0.9.6b-22.46.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.14.src.rpm
d833a111c7c142e838e21b46c2d3d3ca openssl-0.9.7a-43.14.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.46.src.rpm
2294eea329ff59ad7e7b04331c46e485 openssl096b-0.9.6b-22.46.src.rpm

i386:
064f523a3b6f886949031d85902a74e0 openssl-0.9.7a-43.14.i386.rpm
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
0dac0adc8a723aa926cd932268bde04f openssl-debuginfo-0.9.7a-43.14.i386.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
7591b0a079addeaed3ca622c61b170d2 openssl-devel-0.9.7a-43.14.i386.rpm
e4b978822f9e39a4b1095690f2de6ab3 openssl-perl-0.9.7a-43.14.i386.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm

ia64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
73e0d1fb22c73ed95e47257a6da1b129 openssl-0.9.7a-43.14.ia64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
619771b33a1c3e6976889e68a185151e openssl-debuginfo-0.9.7a-43.14.ia64.rpm
b0b3d7b2d3772a89f428c868a62da176 openssl-devel-0.9.7a-43.14.ia64.rpm
5dde996b5bac48158eb076686aeab2c4 openssl-perl-0.9.7a-43.14.ia64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
617658bda3b36c2b62810f8fad8bf5ad openssl096b-0.9.6b-22.46.ia64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
d7c661fe81fa6f6399d56dbeae00d472 openssl096b-debuginfo-0.9.6b-22.46.ia64.rpm

x86_64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
f0985b8088804e3bd7309b1ca2ca1d21 openssl-0.9.7a-43.14.x86_64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
9183de3c43f771befacfaa209b0bc729 openssl-debuginfo-0.9.7a-43.14.x86_64.rpm
9a489c77daf969a867f3f18bee4bb6aa openssl-devel-0.9.7a-43.14.x86_64.rpm
d16bd233156bf495de3854d2d915c5c3 openssl-perl-0.9.7a-43.14.x86_64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
48478bec0a72ec719a31f60ddb376dad openssl096b-0.9.6b-22.46.x86_64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
1bb29a26566a95cb8b8c3652b9e74c53 openssl096b-debuginfo-0.9.6b-22.46.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.14.src.rpm
d833a111c7c142e838e21b46c2d3d3ca openssl-0.9.7a-43.14.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.46.src.rpm
2294eea329ff59ad7e7b04331c46e485 openssl096b-0.9.6b-22.46.src.rpm

i386:
064f523a3b6f886949031d85902a74e0 openssl-0.9.7a-43.14.i386.rpm
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
0dac0adc8a723aa926cd932268bde04f openssl-debuginfo-0.9.7a-43.14.i386.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
7591b0a079addeaed3ca622c61b170d2 openssl-devel-0.9.7a-43.14.i386.rpm
e4b978822f9e39a4b1095690f2de6ab3 openssl-perl-0.9.7a-43.14.i386.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm

ia64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
73e0d1fb22c73ed95e47257a6da1b129 openssl-0.9.7a-43.14.ia64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
619771b33a1c3e6976889e68a185151e openssl-debuginfo-0.9.7a-43.14.ia64.rpm
b0b3d7b2d3772a89f428c868a62da176 openssl-devel-0.9.7a-43.14.ia64.rpm
5dde996b5bac48158eb076686aeab2c4 openssl-perl-0.9.7a-43.14.ia64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
617658bda3b36c2b62810f8fad8bf5ad openssl096b-0.9.6b-22.46.ia64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
d7c661fe81fa6f6399d56dbeae00d472 openssl096b-debuginfo-0.9.6b-22.46.ia64.rpm

x86_64:
f2b76677a5e6cc4d2a55e78eb56a4fdb openssl-0.9.7a-43.14.i686.rpm
f0985b8088804e3bd7309b1ca2ca1d21 openssl-0.9.7a-43.14.x86_64.rpm
f01455b59465880a038ded678431226b openssl-debuginfo-0.9.7a-43.14.i686.rpm
9183de3c43f771befacfaa209b0bc729 openssl-debuginfo-0.9.7a-43.14.x86_64.rpm
9a489c77daf969a867f3f18bee4bb6aa openssl-devel-0.9.7a-43.14.x86_64.rpm
d16bd233156bf495de3854d2d915c5c3 openssl-perl-0.9.7a-43.14.x86_64.rpm
afb33c059e8edb6b092a5e6ed247d191 openssl096b-0.9.6b-22.46.i386.rpm
48478bec0a72ec719a31f60ddb376dad openssl096b-0.9.6b-22.46.x86_64.rpm
d21be7a4dbf227fe8c96fe8c365f6b6e openssl096b-debuginfo-0.9.6b-22.46.i386.rpm
1bb29a26566a95cb8b8c3652b9e74c53 openssl096b-debuginfo-0.9.6b-22.46.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://www.openssl.org/news/secadv_20060928.txt
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD4DBQFFHGhiXlSAg2UNWIIRAu2nAJYmwwtHpc8OC4IXFDMeFwIFJztXAKCgqcYG
qrzF4JgziN2vb1RzGtlVrA==
=3avm
-----END PGP SIGNATURE-----