LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 'openssl' Denial of service vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2,and 7.3. These updates fix multiple protocol parsing bugs which may be usedin a denial of service (DoS) attack or cause SSL-enabled applications to crash.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated openssl packages fix protocol parsing bugs
Advisory ID:       RHSA-2002:160-21
Issue date:        2002-07-29
Updated on:        2002-08-05
Product:           Red Hat Linux
Keywords:          OpenSSL ASN.1 abstract syntax notation
Cross references:  
Obsoletes:         RHSA-2002:155
CVE Names:         CAN-2002-0659
---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2,
and 7.3. These updates fix multiple protocol parsing bugs which may be used
in a denial of service (DoS) attack or cause SSL-enabled applications to crash.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, i686, ia64

Red Hat Linux 7.3 - i386, i686

3. Problem description:

OpenSSL is a commercial-grade, full-featured, and open source toolkit which
implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library.

Portions of the SSL protocol data stream, which include the lengths of
structures which are being transferred, may not be properly validated. This
may allow a malicious server or client to cause an affected application to
crash or enter an infinite loop, which can be used as a denial of service
(DoS) attack if the application is a server. It has not been verified if
this issue could lead to further consequences such as remote code execution.

These errata packages contain a patch to correct this vulnerability. 
Please note that the original patch from the OpenSSL team had a mistake in
it which could possibly still allow buffer overflows to occur.  This bug is
also fixed in these errata packages.

NOTE:

Please read the Solution section below as it contains instructions for
making sure that all SSL-enabled processes are restarted after the update
is applied.

Thanks go to the OpenSSL team for providing patches for this issue.

4. Solution:

Because both client and server applications are affected by these
vulnerabilities, we advise users to reboot their systems after installing
these updates.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/openssl-0.9.5a-29.src.rpm

alpha: 
ftp://updates.Red Hat.com/6.2/en/os/alpha/openssl-0.9.5a-29.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/openssl-devel-0.9.5a-29.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/openssl-perl-0.9.5a-29.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/openssl-python-0.9.5a-29.alpha.rpm

i386: 
ftp://updates.Red Hat.com/6.2/en/os/i386/openssl-0.9.5a-29.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/openssl-devel-0.9.5a-29.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/openssl-perl-0.9.5a-29.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/openssl-python-0.9.5a-29.i386.rpm

sparc: 
ftp://updates.Red Hat.com/6.2/en/os/sparc/openssl-0.9.5a-29.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/openssl-devel-0.9.5a-29.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/openssl-perl-0.9.5a-29.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/openssl-python-0.9.5a-29.sparc.rpm

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/openssl-0.9.6-13.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.0/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/openssl-0.9.6-13.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/openssl095a-0.9.5a-18.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/openssl-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/openssl-devel-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/openssl-perl-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/openssl-python-0.9.6-13.i386.rpm

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/openssl-0.9.6-13.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.1/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/openssl-0.9.6-13.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/openssl095a-0.9.5a-18.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/openssl-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/openssl-devel-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/openssl-perl-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/openssl-python-0.9.6-13.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.1/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/openssl-0.9.6-13.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/openssl-devel-0.9.6-13.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/openssl-perl-0.9.6-13.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/openssl-python-0.9.6-13.ia64.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/openssl096-0.9.6-13.src.rpm 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/openssl-0.9.6b-28.src.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/openssl095a-0.9.5a-18.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/openssl096-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/openssl-0.9.6b-28.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm

i686: 
ftp://updates.Red Hat.com/7.2/en/os/i686/openssl-0.9.6b-28.i686.rpm

ia64: 
ftp://updates.Red Hat.com/7.2/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/openssl096-0.9.6-13.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/openssl-0.9.6b-28.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-28.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-28.ia64.rpm

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/openssl096-0.9.6-13.src.rpm 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/openssl-0.9.6b-28.src.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/openssl095a-0.9.5a-18.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/openssl096-0.9.6-13.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/openssl-0.9.6b-28.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm

i686: 
ftp://updates.Red Hat.com/7.3/en/os/i686/openssl-0.9.6b-28.i686.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
88d1df818d80fc96b3684a18265f37f6 6.2/en/os/SRPMS/openssl-0.9.5a-29.src.rpm
25a6501a6cd4e5b7986a2ebc9c691c65 6.2/en/os/alpha/openssl-0.9.5a-29.alpha.rpm
58f6ef313c176a3ef98ad4f5f7bb371a 6.2/en/os/alpha/openssl-devel-0.9.5a-29.alpha.rpm
39930828fdeadfb54902548bbc891485 6.2/en/os/alpha/openssl-perl-0.9.5a-29.alpha.rpm
52cb6e0558523d735ccfe172c1d6e8ab 6.2/en/os/alpha/openssl-python-0.9.5a-29.alpha.rpm
e86b57e90b41a8e05db877a575fbe647 6.2/en/os/i386/openssl-0.9.5a-29.i386.rpm
beb66819c6669d2e2cca1dd67d85f7f7 6.2/en/os/i386/openssl-devel-0.9.5a-29.i386.rpm
eea8316e88ef8bf272535cd483482e1e 6.2/en/os/i386/openssl-perl-0.9.5a-29.i386.rpm
6b9bc5ee282d3f6f1373478ad3184c5e 6.2/en/os/i386/openssl-python-0.9.5a-29.i386.rpm
e5537f71b2d492d27e8fab6b69a6cb16 6.2/en/os/sparc/openssl-0.9.5a-29.sparc.rpm
992013eaafb8595b7d1f0cc0c89b0142 6.2/en/os/sparc/openssl-devel-0.9.5a-29.sparc.rpm
dcc9ea6007e2e59f007910fa5e8cd9b5 6.2/en/os/sparc/openssl-perl-0.9.5a-29.sparc.rpm
e1fa913fc868da6b89150ddb0ce62138 6.2/en/os/sparc/openssl-python-0.9.5a-29.sparc.rpm
ee11260a7760ddf55b4ec7755b00b3a7 7.0/en/os/SRPMS/openssl-0.9.6-13.src.rpm
5ef4beb986cb64aaae2cfd5726a03659 7.0/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm
aa89abcd401045500219b03d4903811b 7.0/en/os/alpha/openssl-0.9.6-13.alpha.rpm
8477aeb72e53df02ce6a59d37de7cb02 7.0/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm
fff55b6d8a51b9c0b5d10dafcc7511e4 7.0/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm
168813d3974d63869120464765e34dd8 7.0/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm
92d8348414826ec4409e8d31e2513941 7.0/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm
f3f805e9698affd543c42a55cbdbaba7 7.0/en/os/i386/openssl-0.9.6-13.i386.rpm
f8d57d36b1dd4ef5bf0b89579ec229cd 7.0/en/os/i386/openssl-devel-0.9.6-13.i386.rpm
e18c81476ad5db84dd3178639edbdd82 7.0/en/os/i386/openssl-perl-0.9.6-13.i386.rpm
7f20d329ca75dfce15c883d96ffbaf40 7.0/en/os/i386/openssl-python-0.9.6-13.i386.rpm
49b87abfb69a066756eed6441c226775 7.0/en/os/i386/openssl095a-0.9.5a-18.i386.rpm
ee11260a7760ddf55b4ec7755b00b3a7 7.1/en/os/SRPMS/openssl-0.9.6-13.src.rpm
5ef4beb986cb64aaae2cfd5726a03659 7.1/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm
aa89abcd401045500219b03d4903811b 7.1/en/os/alpha/openssl-0.9.6-13.alpha.rpm
8477aeb72e53df02ce6a59d37de7cb02 7.1/en/os/alpha/openssl-devel-0.9.6-13.alpha.rpm
fff55b6d8a51b9c0b5d10dafcc7511e4 7.1/en/os/alpha/openssl-perl-0.9.6-13.alpha.rpm
168813d3974d63869120464765e34dd8 7.1/en/os/alpha/openssl-python-0.9.6-13.alpha.rpm
92d8348414826ec4409e8d31e2513941 7.1/en/os/alpha/openssl095a-0.9.5a-18.alpha.rpm
f3f805e9698affd543c42a55cbdbaba7 7.1/en/os/i386/openssl-0.9.6-13.i386.rpm
f8d57d36b1dd4ef5bf0b89579ec229cd 7.1/en/os/i386/openssl-devel-0.9.6-13.i386.rpm
e18c81476ad5db84dd3178639edbdd82 7.1/en/os/i386/openssl-perl-0.9.6-13.i386.rpm
7f20d329ca75dfce15c883d96ffbaf40 7.1/en/os/i386/openssl-python-0.9.6-13.i386.rpm
49b87abfb69a066756eed6441c226775 7.1/en/os/i386/openssl095a-0.9.5a-18.i386.rpm
279a924595d4fb05d9071174e57e61d5 7.1/en/os/ia64/openssl-0.9.6-13.ia64.rpm
50a5b0b5b5c13eaa4e397a7983839e5c 7.1/en/os/ia64/openssl-devel-0.9.6-13.ia64.rpm
b115c9b4850610940584caf761fd9a86 7.1/en/os/ia64/openssl-perl-0.9.6-13.ia64.rpm
79baeddf64b07b3bfecb1ae71fe110a1 7.1/en/os/ia64/openssl-python-0.9.6-13.ia64.rpm
f6615406c84745284f0e7e9b0d4d0d99 7.1/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm
a502539af00bf8fc4f184542dbe2a57f 7.2/en/os/SRPMS/openssl-0.9.6b-28.src.rpm
5ef4beb986cb64aaae2cfd5726a03659 7.2/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm
79423e3818cf2d6997f440d8878b5b5c 7.2/en/os/SRPMS/openssl096-0.9.6-13.src.rpm
c0a52c85725b1ecff52d9c1372472360 7.2/en/os/i386/openssl-0.9.6b-28.i386.rpm
bdf9826263203f54685e81bb71815fd0 7.2/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm
98fd036fc344c1a058d7d62c0cdbdeef 7.2/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm
49b87abfb69a066756eed6441c226775 7.2/en/os/i386/openssl095a-0.9.5a-18.i386.rpm
f8852fa073d9e6462264c98c694339be 7.2/en/os/i386/openssl096-0.9.6-13.i386.rpm
aec758aeb92b8f6b49365374e7896877 7.2/en/os/i686/openssl-0.9.6b-28.i686.rpm
c95cd939889b64b199fd477d950d1bad 7.2/en/os/ia64/openssl-0.9.6b-28.ia64.rpm
ad2477c7f4b611c7c800eedd8856489a 7.2/en/os/ia64/openssl-devel-0.9.6b-28.ia64.rpm
8e4b14c78ed76602a0e377c7559b0747 7.2/en/os/ia64/openssl-perl-0.9.6b-28.ia64.rpm
f6615406c84745284f0e7e9b0d4d0d99 7.2/en/os/ia64/openssl095a-0.9.5a-18.ia64.rpm
975e5824273ba98163fe9efe841053c5 7.2/en/os/ia64/openssl096-0.9.6-13.ia64.rpm
a502539af00bf8fc4f184542dbe2a57f 7.3/en/os/SRPMS/openssl-0.9.6b-28.src.rpm
5ef4beb986cb64aaae2cfd5726a03659 7.3/en/os/SRPMS/openssl095a-0.9.5a-18.src.rpm
79423e3818cf2d6997f440d8878b5b5c 7.3/en/os/SRPMS/openssl096-0.9.6-13.src.rpm
c0a52c85725b1ecff52d9c1372472360 7.3/en/os/i386/openssl-0.9.6b-28.i386.rpm
bdf9826263203f54685e81bb71815fd0 7.3/en/os/i386/openssl-devel-0.9.6b-28.i386.rpm
98fd036fc344c1a058d7d62c0cdbdeef 7.3/en/os/i386/openssl-perl-0.9.6b-28.i386.rpm
49b87abfb69a066756eed6441c226775 7.3/en/os/i386/openssl095a-0.9.5a-18.i386.rpm
f8852fa073d9e6462264c98c694339be 7.3/en/os/i386/openssl096-0.9.6-13.i386.rpm
aec758aeb92b8f6b49365374e7896877 7.3/en/os/i686/openssl-0.9.6b-28.i686.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659



Copyright(c) 2000, 2001, 2002 Red Hat, Inc.





 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
How Hackers Hid a Money-Mining Botnet in Amazonís Cloud
Homeland Security gets into software security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.