[RHSA-2015:1072] openssl security update

Severity Moderate
Affected Packages 20
CVEs 1

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS protocol composes the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512-bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenSSL to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Future updates may raise this limit to
1024 bits.
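
The client-side check described in the note, sketched as an added example (not OpenSSL's code or the backported patch): it parses the ServerDHParams fields of a TLS ServerKeyExchange message and rejects a prime shorter than 768 bits. All function and constant names are hypothetical, and the sample message is constructed filler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MIN_DH_BITS 768 /* minimum stated in the advisory note */
enum { DH_OK = 0, DH_TOO_SMALL = 1, DH_MALFORMED = -1 }; /* hypothetical names */

/* Read one TLS vector with a 2-byte length prefix; NULL if empty or truncated. */
static const uint8_t *vec16(const uint8_t *b, size_t len, size_t *off, size_t *n) {
    if (len - *off < 2) return NULL;
    *n = ((size_t)b[*off] << 8) | b[*off + 1];
    if (*n == 0 || len - *off - 2 < *n) return NULL;
    *off += 2 + *n;
    return b + *off - *n;
}

/* Bit length of a big-endian integer, ignoring leading zero bytes. */
static size_t be_bits(const uint8_t *v, size_t n) {
    while (n > 0 && *v == 0) { v++; n--; }
    size_t bits = n * 8;
    for (uint8_t t = n ? *v : 0x80; !(t & 0x80); t <<= 1) bits--;
    return bits;
}

/* Parse ServerDHParams (dh_p, dh_g, dh_Ys) and apply the minimum to dh_p. */
int check_server_dh_params(const uint8_t *msg, size_t len, size_t *p_bits) {
    size_t pn, gn, yn, off = 0;
    const uint8_t *p = vec16(msg, len, &off, &pn);
    if (!p || !vec16(msg, len, &off, &gn) || !vec16(msg, len, &off, &yn))
        return DH_MALFORMED;
    *p_bits = be_bits(p, pn);
    return *p_bits < MIN_DH_BITS ? DH_TOO_SMALL : DH_OK;
}

/* Constructed sample: dh_p is `bits` bits of filler, not a real prime. */
size_t make_sample(uint8_t *out, size_t bits) {
    size_t pn = (bits + 7) / 8, off = 0;
    out[off++] = (uint8_t)(pn >> 8); out[off++] = (uint8_t)pn;
    out[off++] = (uint8_t)(1u << ((bits - 1) % 8)); /* top byte of dh_p */
    while (off < pn + 2) out[off++] = 0xFF;
    for (int i = 0; i < 2; i++) { out[off++] = 0; out[off++] = 1; out[off++] = 2; }
    return off; /* dh_g and dh_Ys are both the 1-byte value 2 (placeholders) */
}

int main(void) {
    uint8_t buf[300]; size_t bits = 0;
    int r = check_server_dh_params(buf, make_sample(buf, 512), &bits);
    printf("dh_p: %zu bits -> %s\n", bits, r == DH_OK ? "accept" : "reject");
    return 0;
}
```

The size is taken from the significant bits of dh_p rather than its encoded length, so a short prime padded with leading zero bytes is still rejected.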

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

Package Affected Version
pkg:rpm/redhat/openssl?arch=x86_64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl?arch=s390x&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl?arch=s390&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl?arch=ppc64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl?arch=ppc&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl?arch=i686&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-static?arch=x86_64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-static?arch=s390x&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-static?arch=ppc64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-static?arch=i686&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-perl?arch=x86_64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-perl?arch=s390x&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-perl?arch=ppc64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-perl?arch=i686&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-devel?arch=x86_64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-devel?arch=s390x&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-devel?arch=s390&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-devel?arch=ppc64&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-devel?arch=ppc&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
pkg:rpm/redhat/openssl-devel?arch=i686&distro=redhat-6.6 < 1.0.1e-30.el6_6.9
ID: RHSA-2015:1072
Severity: moderate
URL: https://access.redhat.com/errata/RHSA-2015:1072
Published: 2015-06-04T00:00:00
Modified: 2015-06-04T00:00:00
Rights: Copyright 2015 Red Hat, Inc.