[RHSA-2015:1072] openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general-purpose cryptography library.
A flaw was found in the way the TLS protocol composes the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512-bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)
Note: This update forces the TLS/SSL client implementation in OpenSSL to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Future updates may raise this limit to
1024 bits.
All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.
- ID: RHSA-2015:1072
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2015:1072
- Published: 2015-06-04T00:00:00
- Modified: 2015-06-04T00:00:00
- Rights: Copyright 2015 Red Hat, Inc.
- Other Advisories:
- ALAS-2015-550
- ALAS-2015-569
- ALAS-2015-570
- ALAS-2015-571
- ALAS-2015-586
- DSA-3287-1
- DSA-3300-1
- DSA-3316-1
- DSA-3324-1
- DSA-3339-1
- DSA-3688-1
- ELSA-2015-1072
- ELSA-2015-1185
- ELSA-2015-1197
- ELSA-2015-1228
- ELSA-2015-1229
- ELSA-2015-1230
- ELSA-2015-1526
- FEDORA-2015-10047
- FEDORA-2015-10108
- FEDORA-2015-11414
- FEDORA-2015-11475
- FEDORA-2015-9048
- FEDORA-2015-9130
- FEDORA-2015-9161
- FREEBSD:44D9DAEE-940C-4179-86BB-6E3FFD617869
- FREEBSD:8305E215-1080-11E5-8BA2-000C2980A9F3
- GLSA-201506-02
- GLSA-201512-10
- GLSA-201603-11
- GLSA-201605-06
- GLSA-201701-46
- RHSA-2015:1185
- RHSA-2015:1228
- RHSA-2015:1229
- RHSA-2015:1485
- RHSA-2015:1486
- RHSA-2015:1526
- RHSA-2015:1544
- SUSE-SU-2015:0182-2
- SUSE-SU-2015:0543-1
- SUSE-SU-2015:0545-1
- SUSE-SU-2015:0545-2
- SUSE-SU-2015:0546-1
- SUSE-SU-2015:0547-1
- SUSE-SU-2015:0578-1
- SUSE-SU-2015:0620-1
- SUSE-SU-2015:0946-1
- SUSE-SU-2015:1143-1
- SUSE-SU-2015:1150-1
- SUSE-SU-2015:1177-1
- SUSE-SU-2015:1177-2
- SUSE-SU-2015:1182-1
- SUSE-SU-2015:1182-2
- SUSE-SU-2015:1183-1
- SUSE-SU-2015:1183-2
- SUSE-SU-2015:1184-1
- SUSE-SU-2015:1184-2
- SUSE-SU-2015:1185-1
- SUSE-SU-2015:1268-1
- SUSE-SU-2015:1268-2
- SUSE-SU-2015:1269-1
- SUSE-SU-2015:1319-1
- SUSE-SU-2015:1320-1
- SUSE-SU-2015:1329-1
- SUSE-SU-2015:1331-1
- SUSE-SU-2015:1345-1
- SUSE-SU-2015:1375-1
- SUSE-SU-2015:1449-1
- SUSE-SU-2015:1482-1
- SUSE-SU-2015:1509-1
- SUSE-SU-2015:1526-1
- SUSE-SU-2015:1544-1
- SUSE-SU-2015:1581-1
- SUSE-SU-2015:1663-1
- SUSE-SU-2015:1695-1
- SUSE-SU-2015:1840-1
- SUSE-SU-2015:1851-1
- SUSE-SU-2016:0224-1
- SUSE-SU-2016:0262-1
- SUSE-SU-2016:0344-1
- SUSE-SU-2016:1618-1
- SUSE-SU-2016:2209-1
- SUSE-SU-2016:2385-1
- SUSE-SU-2018:1768-1
- SUSE-SU-2023:0586-1
- SUSE-SU-2023:4506-1
- SUSE-SU-2023:4507-1
- USN-2656-1
- USN-2656-2
- USN-2673-1
- USN-2696-1
- USN-2706-1
Source | ID | URL |
---|---|---|
Bugzilla | 1223211 | https://bugzilla.redhat.com/1223211 |
RHSA | RHSA-2015:1072 | https://access.redhat.com/errata/RHSA-2015:1072 |
CVE | CVE-2015-4000 | https://access.redhat.com/security/cve/CVE-2015-4000 |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/openssl?arch=x86_64&distro=redhat-6.6 | redhat | openssl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | x86_64 | |
Affected | pkg:rpm/redhat/openssl?arch=s390x&distro=redhat-6.6 | redhat | openssl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | s390x | |
Affected | pkg:rpm/redhat/openssl?arch=s390&distro=redhat-6.6 | redhat | openssl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | s390 | |
Affected | pkg:rpm/redhat/openssl?arch=ppc64&distro=redhat-6.6 | redhat | openssl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | ppc64 | |
Affected | pkg:rpm/redhat/openssl?arch=ppc&distro=redhat-6.6 | redhat | openssl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | ppc | |
Affected | pkg:rpm/redhat/openssl?arch=i686&distro=redhat-6.6 | redhat | openssl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | i686 | |
Affected | pkg:rpm/redhat/openssl-static?arch=x86_64&distro=redhat-6.6 | redhat | openssl-static | < 1.0.1e-30.el6_6.9 | redhat-6.6 | x86_64 | |
Affected | pkg:rpm/redhat/openssl-static?arch=s390x&distro=redhat-6.6 | redhat | openssl-static | < 1.0.1e-30.el6_6.9 | redhat-6.6 | s390x | |
Affected | pkg:rpm/redhat/openssl-static?arch=ppc64&distro=redhat-6.6 | redhat | openssl-static | < 1.0.1e-30.el6_6.9 | redhat-6.6 | ppc64 | |
Affected | pkg:rpm/redhat/openssl-static?arch=i686&distro=redhat-6.6 | redhat | openssl-static | < 1.0.1e-30.el6_6.9 | redhat-6.6 | i686 | |
Affected | pkg:rpm/redhat/openssl-perl?arch=x86_64&distro=redhat-6.6 | redhat | openssl-perl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | x86_64 | |
Affected | pkg:rpm/redhat/openssl-perl?arch=s390x&distro=redhat-6.6 | redhat | openssl-perl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | s390x | |
Affected | pkg:rpm/redhat/openssl-perl?arch=ppc64&distro=redhat-6.6 | redhat | openssl-perl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | ppc64 | |
Affected | pkg:rpm/redhat/openssl-perl?arch=i686&distro=redhat-6.6 | redhat | openssl-perl | < 1.0.1e-30.el6_6.9 | redhat-6.6 | i686 | |
Affected | pkg:rpm/redhat/openssl-devel?arch=x86_64&distro=redhat-6.6 | redhat | openssl-devel | < 1.0.1e-30.el6_6.9 | redhat-6.6 | x86_64 | |
Affected | pkg:rpm/redhat/openssl-devel?arch=s390x&distro=redhat-6.6 | redhat | openssl-devel | < 1.0.1e-30.el6_6.9 | redhat-6.6 | s390x | |
Affected | pkg:rpm/redhat/openssl-devel?arch=s390&distro=redhat-6.6 | redhat | openssl-devel | < 1.0.1e-30.el6_6.9 | redhat-6.6 | s390 | |
Affected | pkg:rpm/redhat/openssl-devel?arch=ppc64&distro=redhat-6.6 | redhat | openssl-devel | < 1.0.1e-30.el6_6.9 | redhat-6.6 | ppc64 | |
Affected | pkg:rpm/redhat/openssl-devel?arch=ppc&distro=redhat-6.6 | redhat | openssl-devel | < 1.0.1e-30.el6_6.9 | redhat-6.6 | ppc | |
Affected | pkg:rpm/redhat/openssl-devel?arch=i686&distro=redhat-6.6 | redhat | openssl-devel | < 1.0.1e-30.el6_6.9 | redhat-6.6 | i686 | |