Date: Mon, 13 Dec 2010 14:46:22 -0600
Synopsis: Moderate: openssl security update
Issue date: 2010-12-13
CVE Names: CVE-2008-7270 CVE-2009-3245 CVE-2010-4180

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server
code. A remote attacker could possibly use this flaw to change the
ciphersuite associated with a cached session stored on the server, if
the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option,
possibly forcing the client to use a weaker ciphersuite after resuming
the session. (CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option has no effect and this
bug workaround can no longer be enabled.

It was discovered that OpenSSL did not always check the return value of
the bn_wexpand() function. An attacker able to trigger a memory
allocation failure in that function could possibly crash an application
using the OpenSSL library and its UBSEC hardware engine support.
(CVE-2009-3245 - SL4 Only)

For the update to take effect, all services linked to the OpenSSL
library must be restarted, or the system rebooted.

SL 4.x
SRPMS:
openssl-0.9.7a-43.17.el4_8.6.src.rpm
i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm
x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

SL 5.x
SRPMS:
openssl-0.9.8e-12.el5_5.7.src.rpm
i386:
openssl-0.9.8e-12.el5_5.7.i386.rpm
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm
x86_64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm
-Connie Sieh
-Troy Dawson
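A check for the advisory's restart requirement, added here as an example and not part of the original message: after the packages are upgraded, a process that still maps the old libssl or libcrypto shows that library as "(deleted)" in /proc/<pid>/maps, so it has not picked up the fix. The sample maps text and its library paths are constructed, and Python 3 on Linux is assumed.

```python
import os
import re

# A mapped libssl/libcrypto whose backing file was replaced on disk by the update.
STALE_RE = re.compile(r"(\S*/lib(?:ssl|crypto)[^/\s]*\.so[^/\s]*) \(deleted\)$")

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
00110000-00236000 r-xp 00000000 08:01 131081 /lib/libcrypto.so.0.9.8e (deleted)
00236000-00249000 rw-p 00125000 08:01 131081 /lib/libcrypto.so.0.9.8e (deleted)
0024d000-00291000 r-xp 00000000 08:01 131083 /lib/libssl.so.0.9.8e (deleted)
00a3c000-00b7a000 r-xp 00000000 08:01 131074 /lib/libc-2.5.so
08048000-0809a000 r-xp 00000000 08:01 262190 /usr/sbin/httpd
"""


def stale_openssl_libs(maps_text):
    """Return the sorted, de-duplicated OpenSSL libraries mapped from deleted files."""
    found = set()
    for line in maps_text.splitlines():
        match = STALE_RE.search(line)
        if match:
            found.add(match.group(1))
    return sorted(found)


def scan_proc(proc_root="/proc"):
    """Map pid -> stale OpenSSL libraries for every process whose maps are readable."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        maps_path = os.path.join(proc_root, entry, "maps")
        try:
            with open(maps_path, errors="replace") as fh:
                libs = stale_openssl_libs(fh.read())
        except OSError:  # process exited, or its maps are not readable by this user
            continue
        if libs:
            results[int(entry)] = libs
    return results


if __name__ == "__main__":
    print("sample:", stale_openssl_libs(SAMPLE_MAPS))
    for pid, libs in sorted(scan_proc().items()):
        print(pid, " ".join(libs))
```

Run it as root so every process's maps file is readable; any pid it lists belongs to a service that still needs a restart.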