Synopsis:          Moderate: openssl security update
Advisory ID:       SLSA-2014:1653-1
Issue Date:        2014-10-16
CVE Numbers:       CVE-2014-3566
--

This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The
SSL 3.0 protocol was found to be vulnerable to the padding oracle attack
when using block cipher suites in cipher block chaining (CBC) mode. This
issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see Upstream's Knowledgebase article
at https://access.redhat.com/articles/1232123

For the update to take effect, all services linked to the OpenSSL library 
(such as httpd and other SSL-enabled services) must be
restarted or the system rebooted.
--

SL5
  x86_64
    openssl-0.9.8e-31.el5_11.i686.rpm
    openssl-0.9.8e-31.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
    openssl-perl-0.9.8e-31.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.x86_64.rpm
  i386
    openssl-0.9.8e-31.el5_11.i386.rpm
    openssl-0.9.8e-31.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
    openssl-perl-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.i386.rpm

- Scientific Linux Development Team