--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated openssl packages fix protocol parsing bugs Advisory ID: RHSA-2002:160-21 Issue date: 2002-07-29 Updated on: 2002-08-05 Product: Red Hat Linux Keywords: OpenSSL ASN.1 abstract syntax notation Cross references: Obsoletes: RHSA-2002:155 CVE Names: CAN-2002-0659 --------------------------------------------------------------------- 1. Topic: Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix multiple protocol parsing bugs which may be used in a denial of service (DoS) attack or cause SSL-enabled applications to crash. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, i686, ia64 Red Hat Linux 7.3 - i386, i686 3. Problem description: OpenSSL is a commercial-grade, full-featured, and open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Portions of the SSL protocol data stream, which include the lengths of structures which are being transferred, may not be properly validated. This may allow a malicious server or client to cause an affected application to crash or enter an infinite loop, which can be used as a denial of service (DoS) attack if the application is a server. It has not been verified if this issue could lead to further consequences such as remote code execution. These errata packages contain a patch to correct this vulnerability. Please note that the original patch from the OpenSSL team had a mistake in it which could possibly still allow buffer overflows to occur. This bug is also fixed in these errata packages. NOTE: Please read the Solution section below as it contains instructions for making sure that all SSL-enabled processes are restarted after the update is applied. Thanks go to the OpenSSL team for providing patches for this issue. 4. Solution: Because both client and server applications are affected by these vulnerabilities, we advise users to reboot their systems after installing these updates. Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 6. RPMs required: Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/en/os/SRPMS/openssl-0.9.5a-29.src.rpm alpha: ftp://updates.redhat.com/6.2/en/os/alpha/openssl-0.9.5a-29.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/openssl-devel-0.9.5a-29.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/openssl-perl-0.9.5a-29.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/openssl-python-0.9.5a-29.alpha.rpm i386: ftp://updates.redhat.com/6.2/en/os/i386/openssl-0.9.5a-29.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/openssl-devel-0.9.5a-29.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/openssl-perl-0.9.5a-29.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/openssl-python-0.9.5a-29.i386.rpm sparc: ftp://updates.redhat.com/6.2/en/os/sparc/openssl-0.9.5a-29.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/openssl-devel-0.9.5a-29.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/openssl-perl-0.9.5a-29.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/openssl-python-0.9.5a-29.sparc.rpm Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl-0.9.6-13.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/openssl-0.9.6-13.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/openssl095a-0.9.5a-18.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/openssl-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/openssl-devel-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/openssl-perl-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/openssl-python-0.9.6-13.i386.rpm Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl-0.9.6-13.src.rpm alpha: ftp://updates.redhat.com/7.1/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/openssl-0.9.6-13.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/openssl095a-0.9.5a-18.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/openssl-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/openssl-devel-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/openssl-perl-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/openssl-python-0.9.6-13.i386.rpm ia64: ftp://updates.redhat.com/7.1/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/openssl-0.9.6-13.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/openssl-devel-0.9.6-13.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/openssl-perl-0.9.6-13.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/openssl-python-0.9.6-13.ia64.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl096-0.9.6-13.src.rpm ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl-0.9.6b-28.src.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/openssl095a-0.9.5a-18.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/openssl096-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/openssl-0.9.6b-28.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm i686: ftp://updates.redhat.com/7.2/en/os/i686/openssl-0.9.6b-28.i686.rpm ia64: ftp://updates.redhat.com/7.2/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/openssl096-0.9.6-13.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/openssl-0.9.6b-28.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-28.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-28.ia64.rpm Red Hat Linux 7.3: SRPMS: ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl096-0.9.6-13.src.rpm ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl-0.9.6b-28.src.rpm i386: ftp://updates.redhat.com/7.3/en/os/i386/openssl095a-0.9.5a-18.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/openssl096-0.9.6-13.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/openssl-0.9.6b-28.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm i686: ftp://updates.redhat.com/7.3/en/os/i686/openssl-0.9.6b-28.i686.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 88d1df818d80fc96b3684a18265f37f6 6.2/en/os/SRPMS/openssl-0.9.5a-29.src.rpm 25a6501a6cd4e5b7986a2ebc9c691c65 6.2/en/os/alpha/openssl-0.9.5a-29.alpha.rpm 58f6ef313c176a3ef98ad4f5f7bb371a 6.2/en/os/alpha/openssl-devel-0.9.5a-29.alpha.rpm 39930828fdeadfb54902548bbc891485 6.2/en/os/alpha/openssl-perl-0.9.5a-29.alpha.rpm 52cb6e0558523d735ccfe172c1d6e8ab 6.2/en/os/alpha/openssl-python-0.9.5a-29.alpha.rpm e86b57e90b41a8e05db877a575fbe647 6.2/en/os/i386/openssl-0.9.5a-29.i386.rpm beb66819c6669d2e2cca1dd67d85f7f7 6.2/en/os/i386/openssl-devel-0.9.5a-29.i386.rpm eea8316e88ef8bf272535cd483482e1e 6.2/en/os/i386/openssl-perl-0.9.5a-29.i386.rpm 6b9bc5ee282d3f6f1373478ad3184c5e 6.2/en/os/i386/openssl-python-0.9.5a-29.i386.rpm e5537f71b2d492d27e8fab6b69a6cb16 6.2/en/os/sparc/openssl-0.9.5a-29.sparc.rpm 992013eaafb8595b7d1f0cc0c89b0142 6.2/en/os/sparc/openssl-devel-0.9.5a-29.sparc.rpm dcc9ea6007e2e59f007910fa5e8cd9b5 6.2/en/os/sparc/openssl-perl-0.9.5a-29.sparc.rpm e1fa913fc868da6b89150ddb0ce62138 6.2/en/os/sparc/openssl-python-0.9.5a-29.sparc.rpm ee11260a7760ddf55b4ec7755b00b3a7 7.0/en/os/SRPMS/openssl-0.9.6-13.src.rpm 5ef4beb986cb64aaae2cfd5726a03659 7.0/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm aa89abcd401045500219b03d4903811b 7.0/en/os/alpha/openssl-0.9.6-13.alpha.rpm 8477aeb72e53df02ce6a59d37de7cb02 7.0/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm fff55b6d8a51b9c0b5d10dafcc7511e4 7.0/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm 168813d3974d63869120464765e34dd8 7.0/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm 92d8348414826ec4409e8d31e2513941 7.0/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm f3f805e9698affd543c42a55cbdbaba7 7.0/en/os/i386/openssl-0.9.6-13.i386.rpm f8d57d36b1dd4ef5bf0b89579ec229cd 7.0/en/os/i386/openssl-devel-0.9.6-13.i386.rpm e18c81476ad5db84dd3178639edbdd82 7.0/en/os/i386/openssl-perl-0.9.6-13.i386.rpm 7f20d329ca75dfce15c883d96ffbaf40 7.0/en/os/i386/openssl-python-0.9.6-13.i386.rpm 49b87abfb69a066756eed6441c226775 7.0/en/os/i386/openssl095a-0.9.5a-18.i386.rpm ee11260a7760ddf55b4ec7755b00b3a7 7.1/en/os/SRPMS/openssl-0.9.6-13.src.rpm 5ef4beb986cb64aaae2cfd5726a03659 7.1/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm aa89abcd401045500219b03d4903811b 7.1/en/os/alpha/openssl-0.9.6-13.alpha.rpm 8477aeb72e53df02ce6a59d37de7cb02 7.1/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm fff55b6d8a51b9c0b5d10dafcc7511e4 7.1/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm 168813d3974d63869120464765e34dd8 7.1/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm 92d8348414826ec4409e8d31e2513941 7.1/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm f3f805e9698affd543c42a55cbdbaba7 7.1/en/os/i386/openssl-0.9.6-13.i386.rpm f8d57d36b1dd4ef5bf0b89579ec229cd 7.1/en/os/i386/openssl-devel-0.9.6-13.i386.rpm e18c81476ad5db84dd3178639edbdd82 7.1/en/os/i386/openssl-perl-0.9.6-13.i386.rpm 7f20d329ca75dfce15c883d96ffbaf40 7.1/en/os/i386/openssl-python-0.9.6-13.i386.rpm 49b87abfb69a066756eed6441c226775 7.1/en/os/i386/openssl095a-0.9.5a-18.i386.rpm 279a924595d4fb05d9071174e57e61d5 7.1/en/os/ia64/openssl-0.9.6-13.ia64.rpm 50a5b0b5b5c13eaa4e397a7983839e5c 7.1/en/os/ia64/openssl-devel-0.9.6-13.ia64.rpm b115c9b4850610940584caf761fd9a86 7.1/en/os/ia64/openssl-perl-0.9.6-13.ia64.rpm 79baeddf64b07b3bfecb1ae71fe110a1 7.1/en/os/ia64/openssl-python-0.9.6-13.ia64.rpm f6615406c84745284f0e7e9b0d4d0d99 7.1/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm a502539af00bf8fc4f184542dbe2a57f 7.2/en/os/SRPMS/openssl-0.9.6b-28.src.rpm 5ef4beb986cb64aaae2cfd5726a03659 7.2/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm 79423e3818cf2d6997f440d8878b5b5c 7.2/en/os/SRPMS/openssl096-0.9.6-13.src.rpm c0a52c85725b1ecff52d9c1372472360 7.2/en/os/i386/openssl-0.9.6b-28.i386.rpm bdf9826263203f54685e81bb71815fd0 7.2/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm 98fd036fc344c1a058d7d62c0cdbdeef 7.2/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm 49b87abfb69a066756eed6441c226775 7.2/en/os/i386/openssl095a-0.9.5a-18.i386.rpm f8852fa073d9e6462264c98c694339be 7.2/en/os/i386/openssl096-0.9.6-13.i386.rpm aec758aeb92b8f6b49365374e7896877 7.2/en/os/i686/openssl-0.9.6b-28.i686.rpm c95cd939889b64b199fd477d950d1bad 7.2/en/os/ia64/openssl-0.9.6b-28.ia64.rpm ad2477c7f4b611c7c800eedd8856489a 7.2/en/os/ia64/openssl-devel-0.9.6b-28.ia64.rpm 8e4b14c78ed76602a0e377c7559b0747 7.2/en/os/ia64/openssl-perl-0.9.6b-28.ia64.rpm f6615406c84745284f0e7e9b0d4d0d99 7.2/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm 975e5824273ba98163fe9efe841053c5 7.2/en/os/ia64/openssl096-0.9.6-13.ia64.rpm a502539af00bf8fc4f184542dbe2a57f 7.3/en/os/SRPMS/openssl-0.9.6b-28.src.rpm 5ef4beb986cb64aaae2cfd5726a03659 7.3/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm 79423e3818cf2d6997f440d8878b5b5c 7.3/en/os/SRPMS/openssl096-0.9.6-13.src.rpm c0a52c85725b1ecff52d9c1372472360 7.3/en/os/i386/openssl-0.9.6b-28.i386.rpm bdf9826263203f54685e81bb71815fd0 7.3/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm 98fd036fc344c1a058d7d62c0cdbdeef 7.3/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm 49b87abfb69a066756eed6441c226775 7.3/en/os/i386/openssl095a-0.9.5a-18.i386.rpm f8852fa073d9e6462264c98c694339be 7.3/en/os/i386/openssl096-0.9.6-13.i386.rpm aec758aeb92b8f6b49365374e7896877 7.3/en/os/i686/openssl-0.9.6b-28.i686.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. _______________________________________________ Redhat-watch-list mailing list To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list