[RHSA-2016:0008] openssl security update

Severity Moderate
Affected Packages 20
CVEs 1

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.
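To confirm the restart step, the check below lists processes that still map the old library after the update. It is an added example, not part of the advisory; it assumes the Linux /proc/PID/maps format, and the PIDs and paths in the sample tree are constructed.

```shell
#!/bin/sh
# Added example: list processes that still map the pre-update OpenSSL libraries.

# stale_ssl_pids [PROC_ROOT]
# Prints, in numeric order, each PID whose maps file still references a
# libssl/libcrypto shared object marked "(deleted)", meaning the process was
# started before the package update replaced the file on disk.
# Statically linked programs (built against openssl-static) do not show up
# here; they must be rebuilt, not just restarted.
stale_ssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done | sort -n
}

# make_sample_proc: builds a constructed /proc-like tree (not real data) and
# prints its path. PIDs, addresses and inode numbers are made up.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/77" "$root/1201" "$root/1350" "$root/1402"
    # Started before the update; only libcrypto, with a prelink-style suffix.
    printf '%s\n' \
        '7f10a0000000-7f10a01b0000 r-xp 00000000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e.#prelink#.Ab12 (deleted)' \
        > "$root/77/maps"
    # Started before the update; both libraries replaced on disk.
    printf '%s\n' \
        '7f3a1c000000-7f3a1c060000 r-xp 00000000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)' \
        '7f3a1c400000-7f3a1c5b0000 r-xp 00000000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e (deleted)' \
        > "$root/1201/maps"
    # Restarted after the update; maps the new file, so no "(deleted)" marker.
    printf '%s\n' \
        '7f9b2a000000-7f9b2a1b0000 r-xp 00000000 fd:00 401122 /usr/lib64/libcrypto.so.1.0.1e' \
        > "$root/1350/maps"
    # Unrelated deleted mapping; must not be reported.
    printf '%s\n' \
        '7f55d0000000-7f55d0010000 r-xp 00000000 fd:00 500001 /tmp/scratch.so (deleted)' \
        > "$root/1402/maps"
    echo "$root"
}

sample=$(make_sample_proc)
echo "Processes still using the old OpenSSL libraries (constructed sample):"
stale_ssl_pids "$sample"
rm -rf "$sample"
```

On a live system, run `stale_ssl_pids` as root with no argument so that it reads /proc and can open every process's maps file.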

Package Affected Version
pkg:rpm/redhat/openssl?arch=x86_64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl?arch=s390x&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl?arch=s390&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl?arch=ppc64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl?arch=ppc&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl?arch=i686&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-static?arch=x86_64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-static?arch=s390x&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-static?arch=ppc64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-static?arch=i686&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-perl?arch=x86_64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-perl?arch=s390x&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-perl?arch=ppc64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-perl?arch=i686&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-devel?arch=x86_64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-devel?arch=s390x&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-devel?arch=s390&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-devel?arch=ppc64&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-devel?arch=ppc&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
pkg:rpm/redhat/openssl-devel?arch=i686&distro=redhat-6.7 < 1.0.1e-42.el6_7.2
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/openssl?arch=x86_64&distro=redhat-6.7 redhat openssl < 1.0.1e-42.el6_7.2 redhat-6.7 x86_64
Affected pkg:rpm/redhat/openssl?arch=s390x&distro=redhat-6.7 redhat openssl < 1.0.1e-42.el6_7.2 redhat-6.7 s390x
Affected pkg:rpm/redhat/openssl?arch=s390&distro=redhat-6.7 redhat openssl < 1.0.1e-42.el6_7.2 redhat-6.7 s390
Affected pkg:rpm/redhat/openssl?arch=ppc64&distro=redhat-6.7 redhat openssl < 1.0.1e-42.el6_7.2 redhat-6.7 ppc64
Affected pkg:rpm/redhat/openssl?arch=ppc&distro=redhat-6.7 redhat openssl < 1.0.1e-42.el6_7.2 redhat-6.7 ppc
Affected pkg:rpm/redhat/openssl?arch=i686&distro=redhat-6.7 redhat openssl < 1.0.1e-42.el6_7.2 redhat-6.7 i686
Affected pkg:rpm/redhat/openssl-static?arch=x86_64&distro=redhat-6.7 redhat openssl-static < 1.0.1e-42.el6_7.2 redhat-6.7 x86_64
Affected pkg:rpm/redhat/openssl-static?arch=s390x&distro=redhat-6.7 redhat openssl-static < 1.0.1e-42.el6_7.2 redhat-6.7 s390x
Affected pkg:rpm/redhat/openssl-static?arch=ppc64&distro=redhat-6.7 redhat openssl-static < 1.0.1e-42.el6_7.2 redhat-6.7 ppc64
Affected pkg:rpm/redhat/openssl-static?arch=i686&distro=redhat-6.7 redhat openssl-static < 1.0.1e-42.el6_7.2 redhat-6.7 i686
Affected pkg:rpm/redhat/openssl-perl?arch=x86_64&distro=redhat-6.7 redhat openssl-perl < 1.0.1e-42.el6_7.2 redhat-6.7 x86_64
Affected pkg:rpm/redhat/openssl-perl?arch=s390x&distro=redhat-6.7 redhat openssl-perl < 1.0.1e-42.el6_7.2 redhat-6.7 s390x
Affected pkg:rpm/redhat/openssl-perl?arch=ppc64&distro=redhat-6.7 redhat openssl-perl < 1.0.1e-42.el6_7.2 redhat-6.7 ppc64
Affected pkg:rpm/redhat/openssl-perl?arch=i686&distro=redhat-6.7 redhat openssl-perl < 1.0.1e-42.el6_7.2 redhat-6.7 i686
Affected pkg:rpm/redhat/openssl-devel?arch=x86_64&distro=redhat-6.7 redhat openssl-devel < 1.0.1e-42.el6_7.2 redhat-6.7 x86_64
Affected pkg:rpm/redhat/openssl-devel?arch=s390x&distro=redhat-6.7 redhat openssl-devel < 1.0.1e-42.el6_7.2 redhat-6.7 s390x
Affected pkg:rpm/redhat/openssl-devel?arch=s390&distro=redhat-6.7 redhat openssl-devel < 1.0.1e-42.el6_7.2 redhat-6.7 s390
Affected pkg:rpm/redhat/openssl-devel?arch=ppc64&distro=redhat-6.7 redhat openssl-devel < 1.0.1e-42.el6_7.2 redhat-6.7 ppc64
Affected pkg:rpm/redhat/openssl-devel?arch=ppc&distro=redhat-6.7 redhat openssl-devel < 1.0.1e-42.el6_7.2 redhat-6.7 ppc
Affected pkg:rpm/redhat/openssl-devel?arch=i686&distro=redhat-6.7 redhat openssl-devel < 1.0.1e-42.el6_7.2 redhat-6.7 i686