Red Hat 9062 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2007:0964-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0964.html
Issue date: 2007-10-12
Updated on: 2007-10-12
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3108 CVE-2007-4995 CVE-2007-5135
- ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that correct several security issues are now
available for Red Hat Enterprise 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (UDP for
instance).

The OpenSSL security team discovered a flaw in DTLS support. An attacker
could create a malicious client or server that could trigger a heap
overflow. This is possibly exploitable to run arbitrary code, but it has
not been verified (CVE-2007-5135). Note that this flaw only affects
applications making use of DTLS. Red Hat does not ship any DTLS client or
server applications in Red Hat Enterprise Linux.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-4995). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues. (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Please note that the fix for the DTLS flaw involved an overhaul of the DTLS
handshake processing which may introduce incompatibilities if a new client
is used with an older server.

After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245732 - CVE-2007-3108 RSA side-channel attack
309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one
321191 - CVE-2007-4995 openssl dtls out of order vulnerabilitiy

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm
0e1fead78b32ddfbd8f6e18dee20e8a0 openssl-0.9.8b-8.3.el5_0.2.src.rpm

i386:
66c597116250ca9316fb20bfc6065ce4 openssl-0.9.8b-8.3.el5_0.2.i386.rpm
1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm
ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm
a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm
998eaa38bde4414f7bfa9cc8394660f4 openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm

x86_64:
1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm
33d947406912ffb50948ddf17cc9e529 openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm
a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm
05725c88ab3d0d1abced8ec3556e0e05 openssl-debuginfo-0.9.8b-8.3.el5_0.2.x86_64.rpm
2e1118104315fd3e5387b5e0ca969266 openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm
0e1fead78b32ddfbd8f6e18dee20e8a0 openssl-0.9.8b-8.3.el5_0.2.src.rpm

i386:
ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm
2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm

x86_64:
ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm
05725c88ab3d0d1abced8ec3556e0e05 openssl-debuginfo-0.9.8b-8.3.el5_0.2.x86_64.rpm
2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm
168a74a6be63fc1beb9b828da91bdfe5 openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm
0e1fead78b32ddfbd8f6e18dee20e8a0 openssl-0.9.8b-8.3.el5_0.2.src.rpm

i386:
66c597116250ca9316fb20bfc6065ce4 openssl-0.9.8b-8.3.el5_0.2.i386.rpm
1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm
ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm
a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm
2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm
998eaa38bde4414f7bfa9cc8394660f4 openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm

ia64:
1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm
b025d862ca952a0289f55e04156cedb0 openssl-0.9.8b-8.3.el5_0.2.ia64.rpm
a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm
d0998e6d8191b972a01ddab5e222c0c8 openssl-debuginfo-0.9.8b-8.3.el5_0.2.ia64.rpm
e8766e171cebbc2897f0642a0add2244 openssl-devel-0.9.8b-8.3.el5_0.2.ia64.rpm
270be09d92822984dee0c4d7e786fce3 openssl-perl-0.9.8b-8.3.el5_0.2.ia64.rpm

ppc:
1141cf40960ae39388e4e8eeebc801b2 openssl-0.9.8b-8.3.el5_0.2.ppc.rpm
e30551ffb11d12b7252f95fa3a5a10c5 openssl-0.9.8b-8.3.el5_0.2.ppc64.rpm
83d060df03f60db508c5c8e7aaf35a3c openssl-debuginfo-0.9.8b-8.3.el5_0.2.ppc.rpm
db703c98b117309f1c3a51524e1f9889 openssl-debuginfo-0.9.8b-8.3.el5_0.2.ppc64.rpm
a9b31f8ab0d0be84bf4a4c6a7f061187 openssl-devel-0.9.8b-8.3.el5_0.2.ppc.rpm
ae7a02136749eb6add2064d575fe2358 openssl-devel-0.9.8b-8.3.el5_0.2.ppc64.rpm
9552d697daafba170ecd82a0e265292a openssl-perl-0.9.8b-8.3.el5_0.2.ppc.rpm

s390x:
b82c768d8fbb7ed7d62d867df39b96e5 openssl-0.9.8b-8.3.el5_0.2.s390.rpm
56868f24204f584792594cbec2744517 openssl-0.9.8b-8.3.el5_0.2.s390x.rpm
eb5842143f9b0cd8e801969784673e07 openssl-debuginfo-0.9.8b-8.3.el5_0.2.s390.rpm
16125099c4d353a157e231cbb178ada4 openssl-debuginfo-0.9.8b-8.3.el5_0.2.s390x.rpm
d1fdcc96b1e94d70339efe6ae9850ab7 openssl-devel-0.9.8b-8.3.el5_0.2.s390.rpm
f7ee8f120dbbebbc5a0a51b3e9f6a86b openssl-devel-0.9.8b-8.3.el5_0.2.s390x.rpm
e543b01864c8ef794d90fc680ba1698d openssl-perl-0.9.8b-8.3.el5_0.2.s390x.rpm

x86_64:
1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm
33d947406912ffb50948ddf17cc9e529 openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm
ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm
a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm
05725c88ab3d0d1abced8ec3556e0e05 openssl-debuginfo-0.9.8b-8.3.el5_0.2.x86_64.rpm
2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm
168a74a6be63fc1beb9b828da91bdfe5 openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm
2e1118104315fd3e5387b5e0ca969266 openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHD1vxXlSAg2UNWIIRAk+5AKCmcMF7Oqfm1fKUNVtsnq3NUXaLbACgmgQv
CgoN8N+kDwk1ouxGI6/bocM=
=nhaG
-----END PGP SIGNATURE-----