RedHat: Moderate: openssl security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2005:800-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-800.html
Issue date:        2005-10-11
Updated on:        2005-10-11
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2969 CAN-2005-0109
- ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that fix various security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

OpenSSL contained a software work-around for a bug in SSL handling in
Microsoft Internet Explorer version 3.0.2. This work-around is enabled in
most servers that use OpenSSL to provide support for SSL and TLS. Yutaka
Oiwa discovered that this work-around could allow an attacker, acting as a
"man in the middle" to force an SSL connection to use SSL 2.0 rather than a
stronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2969
to this issue.

A bug was also fixed in the way OpenSSL creates DSA signatures. A cache
timing attack was fixed in RHSA-2005-476 which caused OpenSSL to do private
key calculations with a fixed time window. The DSA fix for this was not
complete and the calculations are not always performed within a
fixed-window. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0109 to this issue.

Users are advised to upgrade to these updated packages, which remove the
MISE 3.0.2 work-around and contain patches to correct these issues.

Note: After installing this update, users are advised to either
restart all services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169863 - CAN-2005-2969 Potential SSL 2.0 Rollback
170036 - CAN-2005-0109 DSA signing not quite constant time


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-40.src.rpm
d748ded27f74e62bbbeb534d7e8c57a6  openssl-0.9.6b-40.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-26.src.rpm
a7cbf626fdd543cdde496b7c1bd90deb  openssl095a-0.9.5a-26.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-27.src.rpm
a22723bc1cebefaf0bf1732db1b6993a  openssl096-0.9.6-27.src.rpm

i386:
7598a76054596595dbf8a27704cfe443  openssl-0.9.6b-40.i386.rpm
7b87e812c7525fff5359c447af9bff31  openssl-0.9.6b-40.i686.rpm
cc868bc2eecbd4c868d350e9f0b75bca  openssl-devel-0.9.6b-40.i386.rpm
c15fb21ea44810c6199574a083c1ff28  openssl-perl-0.9.6b-40.i386.rpm
f2627de5b33f88fe10a45e48c795f238  openssl095a-0.9.5a-26.i386.rpm
3d7007cd5d63c3be7edb16c65fb016bb  openssl096-0.9.6-27.i386.rpm

ia64:
15f6e57309e119e11e902408f9e555ac  openssl-0.9.6b-40.ia64.rpm
6af1c3bedd8aa0457a78cb250fe4efab  openssl-devel-0.9.6b-40.ia64.rpm
7a23a73d58531a0cacabd83e10c5fc28  openssl-perl-0.9.6b-40.ia64.rpm
2d7b85a090d85e26c4965bc96827d716  openssl095a-0.9.5a-26.ia64.rpm
1b838b7f6891028d30dbeb9550d02cc9  openssl096-0.9.6-27.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-40.src.rpm
d748ded27f74e62bbbeb534d7e8c57a6  openssl-0.9.6b-40.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-26.src.rpm
a7cbf626fdd543cdde496b7c1bd90deb  openssl095a-0.9.5a-26.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-27.src.rpm
a22723bc1cebefaf0bf1732db1b6993a  openssl096-0.9.6-27.src.rpm

ia64:
15f6e57309e119e11e902408f9e555ac  openssl-0.9.6b-40.ia64.rpm
6af1c3bedd8aa0457a78cb250fe4efab  openssl-devel-0.9.6b-40.ia64.rpm
7a23a73d58531a0cacabd83e10c5fc28  openssl-perl-0.9.6b-40.ia64.rpm
2d7b85a090d85e26c4965bc96827d716  openssl095a-0.9.5a-26.ia64.rpm
1b838b7f6891028d30dbeb9550d02cc9  openssl096-0.9.6-27.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-40.src.rpm
d748ded27f74e62bbbeb534d7e8c57a6  openssl-0.9.6b-40.src.rpm

i386:
7598a76054596595dbf8a27704cfe443  openssl-0.9.6b-40.i386.rpm
7b87e812c7525fff5359c447af9bff31  openssl-0.9.6b-40.i686.rpm
cc868bc2eecbd4c868d350e9f0b75bca  openssl-devel-0.9.6b-40.i386.rpm
c15fb21ea44810c6199574a083c1ff28  openssl-perl-0.9.6b-40.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-40.src.rpm
d748ded27f74e62bbbeb534d7e8c57a6  openssl-0.9.6b-40.src.rpm

i386:
7598a76054596595dbf8a27704cfe443  openssl-0.9.6b-40.i386.rpm
7b87e812c7525fff5359c447af9bff31  openssl-0.9.6b-40.i686.rpm
cc868bc2eecbd4c868d350e9f0b75bca  openssl-devel-0.9.6b-40.i386.rpm
c15fb21ea44810c6199574a083c1ff28  openssl-perl-0.9.6b-40.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.17.src.rpm
354b6fe6f3f7c554e214705476f5fd6b  openssl-0.9.7a-33.17.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.22.4.src.rpm
51050db4274f8cf2c23e83b9f920823c  openssl096b-0.9.6b-16.22.4.src.rpm

i386:
19ef2fd3daf3a64ef387d829e02fa13d  openssl-0.9.7a-33.17.i386.rpm
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
b67de10b4d936e6c6e15842669891dd5  openssl-devel-0.9.7a-33.17.i386.rpm
e62d8bb92888a355c7568d981b52a00c  openssl-perl-0.9.7a-33.17.i386.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm

ia64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
63367058530617620126aa655e1c564d  openssl-0.9.7a-33.17.ia64.rpm
5e316e5cc36068ee8afe9bfa95f61a15  openssl-devel-0.9.7a-33.17.ia64.rpm
e44fe78a64bcbe2511c523bf1ab78011  openssl-perl-0.9.7a-33.17.ia64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
fae0e7644a317001f0ac387213f77f87  openssl096b-0.9.6b-16.22.4.ia64.rpm

ppc:
3af4d96fa3ee2b80ba5e2854a5131a80  openssl-0.9.7a-33.17.ppc.rpm
79b90e9978aea6fb3f4e46facdb17fb7  openssl-0.9.7a-33.17.ppc64.rpm
863b56d4fd9ad3bb665dc47db79b908b  openssl-devel-0.9.7a-33.17.ppc.rpm
4bb33e19267f259dc942cae30f362693  openssl-perl-0.9.7a-33.17.ppc.rpm
6760f451c6117d996d481bec58cb61ad  openssl096b-0.9.6b-16.22.4.ppc.rpm

s390:
dcc3b6bc8db4e2b1108bf3f1b10fc67b  openssl-0.9.7a-33.17.s390.rpm
43ad0817ff7ca0daec654d117ee9960e  openssl-devel-0.9.7a-33.17.s390.rpm
d9fd01ad2432de59efa1c1c45dd66a83  openssl-perl-0.9.7a-33.17.s390.rpm
273e02eb3c9a6d6a1be07ffaf1890ac1  openssl096b-0.9.6b-16.22.4.s390.rpm

s390x:
dcc3b6bc8db4e2b1108bf3f1b10fc67b  openssl-0.9.7a-33.17.s390.rpm
bb9a77d45b3ae89c999766ae27f89bdb  openssl-0.9.7a-33.17.s390x.rpm
4b4a898eeaa57b501bca9cfd648565d1  openssl-devel-0.9.7a-33.17.s390x.rpm
430c0f982d0046b35fedbcd28ef5ee85  openssl-perl-0.9.7a-33.17.s390x.rpm
273e02eb3c9a6d6a1be07ffaf1890ac1  openssl096b-0.9.6b-16.22.4.s390.rpm

x86_64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
f9ed153d791467b2d483c9720bb0691c  openssl-0.9.7a-33.17.x86_64.rpm
f83a7b2ebbf6521cda11eb9f289c5be2  openssl-devel-0.9.7a-33.17.x86_64.rpm
35be124181254ab736220873b93ef435  openssl-perl-0.9.7a-33.17.x86_64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
8ef52be550794612982f48dc44a75164  openssl096b-0.9.6b-16.22.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.17.src.rpm
354b6fe6f3f7c554e214705476f5fd6b  openssl-0.9.7a-33.17.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.22.4.src.rpm
51050db4274f8cf2c23e83b9f920823c  openssl096b-0.9.6b-16.22.4.src.rpm

i386:
19ef2fd3daf3a64ef387d829e02fa13d  openssl-0.9.7a-33.17.i386.rpm
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
b67de10b4d936e6c6e15842669891dd5  openssl-devel-0.9.7a-33.17.i386.rpm
e62d8bb92888a355c7568d981b52a00c  openssl-perl-0.9.7a-33.17.i386.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm

x86_64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
f9ed153d791467b2d483c9720bb0691c  openssl-0.9.7a-33.17.x86_64.rpm
f83a7b2ebbf6521cda11eb9f289c5be2  openssl-devel-0.9.7a-33.17.x86_64.rpm
35be124181254ab736220873b93ef435  openssl-perl-0.9.7a-33.17.x86_64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
8ef52be550794612982f48dc44a75164  openssl096b-0.9.6b-16.22.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.17.src.rpm
354b6fe6f3f7c554e214705476f5fd6b  openssl-0.9.7a-33.17.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.22.4.src.rpm
51050db4274f8cf2c23e83b9f920823c  openssl096b-0.9.6b-16.22.4.src.rpm

i386:
19ef2fd3daf3a64ef387d829e02fa13d  openssl-0.9.7a-33.17.i386.rpm
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
b67de10b4d936e6c6e15842669891dd5  openssl-devel-0.9.7a-33.17.i386.rpm
e62d8bb92888a355c7568d981b52a00c  openssl-perl-0.9.7a-33.17.i386.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm

ia64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
63367058530617620126aa655e1c564d  openssl-0.9.7a-33.17.ia64.rpm
5e316e5cc36068ee8afe9bfa95f61a15  openssl-devel-0.9.7a-33.17.ia64.rpm
e44fe78a64bcbe2511c523bf1ab78011  openssl-perl-0.9.7a-33.17.ia64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
fae0e7644a317001f0ac387213f77f87  openssl096b-0.9.6b-16.22.4.ia64.rpm

x86_64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
f9ed153d791467b2d483c9720bb0691c  openssl-0.9.7a-33.17.x86_64.rpm
f83a7b2ebbf6521cda11eb9f289c5be2  openssl-devel-0.9.7a-33.17.x86_64.rpm
35be124181254ab736220873b93ef435  openssl-perl-0.9.7a-33.17.x86_64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
8ef52be550794612982f48dc44a75164  openssl096b-0.9.6b-16.22.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.17.src.rpm
354b6fe6f3f7c554e214705476f5fd6b  openssl-0.9.7a-33.17.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.22.4.src.rpm
51050db4274f8cf2c23e83b9f920823c  openssl096b-0.9.6b-16.22.4.src.rpm

i386:
19ef2fd3daf3a64ef387d829e02fa13d  openssl-0.9.7a-33.17.i386.rpm
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
b67de10b4d936e6c6e15842669891dd5  openssl-devel-0.9.7a-33.17.i386.rpm
e62d8bb92888a355c7568d981b52a00c  openssl-perl-0.9.7a-33.17.i386.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm

ia64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
63367058530617620126aa655e1c564d  openssl-0.9.7a-33.17.ia64.rpm
5e316e5cc36068ee8afe9bfa95f61a15  openssl-devel-0.9.7a-33.17.ia64.rpm
e44fe78a64bcbe2511c523bf1ab78011  openssl-perl-0.9.7a-33.17.ia64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
fae0e7644a317001f0ac387213f77f87  openssl096b-0.9.6b-16.22.4.ia64.rpm

x86_64:
c52ed50d9e3fa7f83524095e874761e2  openssl-0.9.7a-33.17.i686.rpm
f9ed153d791467b2d483c9720bb0691c  openssl-0.9.7a-33.17.x86_64.rpm
f83a7b2ebbf6521cda11eb9f289c5be2  openssl-devel-0.9.7a-33.17.x86_64.rpm
35be124181254ab736220873b93ef435  openssl-perl-0.9.7a-33.17.x86_64.rpm
06e626b195f69b935eb47c19389b3cc5  openssl096b-0.9.6b-16.22.4.i386.rpm
8ef52be550794612982f48dc44a75164  openssl096b-0.9.6b-16.22.4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.4.src.rpm
41053d76c1b7ca3e9f39e0a72f9e5516  openssl-0.9.7a-43.4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.4.src.rpm
fd850ca74d4c62cd275df9d1faf1a0bc  openssl096b-0.9.6b-22.4.src.rpm

i386:
078d5f370a0865e4ff89587e1e4a70e6  openssl-0.9.7a-43.4.i386.rpm
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
8c82fce2ae4a899050a7c482d083fe26  openssl-devel-0.9.7a-43.4.i386.rpm
152c3c792f99930617b7415c0e44cee9  openssl-perl-0.9.7a-43.4.i386.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm

ia64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d62851760f66f1243c6261952588d14b  openssl-0.9.7a-43.4.ia64.rpm
c14121a3f8923eb5c45b56e2aaf300bb  openssl-devel-0.9.7a-43.4.ia64.rpm
dc18361ff72e8d6bf1d900e68a1be977  openssl-perl-0.9.7a-43.4.ia64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
904defad4950d4be4a5440a56e93d9d3  openssl096b-0.9.6b-22.4.ia64.rpm

ppc:
3b8d4cbce1b67efd6c2cbe3aa3365858  openssl-0.9.7a-43.4.ppc.rpm
bdf81b9f8225b1a66d0d15bfe74ed7fa  openssl-0.9.7a-43.4.ppc64.rpm
5d9f79d875b7d91d74b1ec0c134b231f  openssl-devel-0.9.7a-43.4.ppc.rpm
83afc96da53b50e2cbde2595b3b68a99  openssl-perl-0.9.7a-43.4.ppc.rpm
5150cc49279a92100bc9f1e06c8ecebb  openssl096b-0.9.6b-22.4.ppc.rpm

s390:
f5795878194436f60e96b6ce513b9b30  openssl-0.9.7a-43.4.s390.rpm
22cf17b11d3a044df2887eab133428f9  openssl-devel-0.9.7a-43.4.s390.rpm
745e5b912ecb0ae9702e278adcfae75e  openssl-perl-0.9.7a-43.4.s390.rpm
34dc34a9c4ab3190b36c48d730a58cc7  openssl096b-0.9.6b-22.4.s390.rpm

s390x:
f5795878194436f60e96b6ce513b9b30  openssl-0.9.7a-43.4.s390.rpm
690dc17cd3c1d6dca7dc80dfea81ee7e  openssl-0.9.7a-43.4.s390x.rpm
e6ba82c77b1c88b440db92608ca612ac  openssl-devel-0.9.7a-43.4.s390x.rpm
185ba8108fc9e4b6fa95757b906e29bb  openssl-perl-0.9.7a-43.4.s390x.rpm
34dc34a9c4ab3190b36c48d730a58cc7  openssl096b-0.9.6b-22.4.s390.rpm

x86_64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d5b71525c2dbc6061ef1a92257d1002f  openssl-0.9.7a-43.4.x86_64.rpm
6d6ad93bc9a5e4ee479c9680369cb520  openssl-devel-0.9.7a-43.4.x86_64.rpm
3ddd6acb3032f402308e7aa7881b6100  openssl-perl-0.9.7a-43.4.x86_64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
8e87576bd717ea310051520aec474bcd  openssl096b-0.9.6b-22.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.4.src.rpm
41053d76c1b7ca3e9f39e0a72f9e5516  openssl-0.9.7a-43.4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.4.src.rpm
fd850ca74d4c62cd275df9d1faf1a0bc  openssl096b-0.9.6b-22.4.src.rpm

i386:
078d5f370a0865e4ff89587e1e4a70e6  openssl-0.9.7a-43.4.i386.rpm
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
8c82fce2ae4a899050a7c482d083fe26  openssl-devel-0.9.7a-43.4.i386.rpm
152c3c792f99930617b7415c0e44cee9  openssl-perl-0.9.7a-43.4.i386.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm

x86_64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d5b71525c2dbc6061ef1a92257d1002f  openssl-0.9.7a-43.4.x86_64.rpm
6d6ad93bc9a5e4ee479c9680369cb520  openssl-devel-0.9.7a-43.4.x86_64.rpm
3ddd6acb3032f402308e7aa7881b6100  openssl-perl-0.9.7a-43.4.x86_64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
8e87576bd717ea310051520aec474bcd  openssl096b-0.9.6b-22.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.4.src.rpm
41053d76c1b7ca3e9f39e0a72f9e5516  openssl-0.9.7a-43.4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.4.src.rpm
fd850ca74d4c62cd275df9d1faf1a0bc  openssl096b-0.9.6b-22.4.src.rpm

i386:
078d5f370a0865e4ff89587e1e4a70e6  openssl-0.9.7a-43.4.i386.rpm
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
8c82fce2ae4a899050a7c482d083fe26  openssl-devel-0.9.7a-43.4.i386.rpm
152c3c792f99930617b7415c0e44cee9  openssl-perl-0.9.7a-43.4.i386.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm

ia64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d62851760f66f1243c6261952588d14b  openssl-0.9.7a-43.4.ia64.rpm
c14121a3f8923eb5c45b56e2aaf300bb  openssl-devel-0.9.7a-43.4.ia64.rpm
dc18361ff72e8d6bf1d900e68a1be977  openssl-perl-0.9.7a-43.4.ia64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
904defad4950d4be4a5440a56e93d9d3  openssl096b-0.9.6b-22.4.ia64.rpm

x86_64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d5b71525c2dbc6061ef1a92257d1002f  openssl-0.9.7a-43.4.x86_64.rpm
6d6ad93bc9a5e4ee479c9680369cb520  openssl-devel-0.9.7a-43.4.x86_64.rpm
3ddd6acb3032f402308e7aa7881b6100  openssl-perl-0.9.7a-43.4.x86_64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
8e87576bd717ea310051520aec474bcd  openssl096b-0.9.6b-22.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.4.src.rpm
41053d76c1b7ca3e9f39e0a72f9e5516  openssl-0.9.7a-43.4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.4.src.rpm
fd850ca74d4c62cd275df9d1faf1a0bc  openssl096b-0.9.6b-22.4.src.rpm

i386:
078d5f370a0865e4ff89587e1e4a70e6  openssl-0.9.7a-43.4.i386.rpm
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
8c82fce2ae4a899050a7c482d083fe26  openssl-devel-0.9.7a-43.4.i386.rpm
152c3c792f99930617b7415c0e44cee9  openssl-perl-0.9.7a-43.4.i386.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm

ia64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d62851760f66f1243c6261952588d14b  openssl-0.9.7a-43.4.ia64.rpm
c14121a3f8923eb5c45b56e2aaf300bb  openssl-devel-0.9.7a-43.4.ia64.rpm
dc18361ff72e8d6bf1d900e68a1be977  openssl-perl-0.9.7a-43.4.ia64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
904defad4950d4be4a5440a56e93d9d3  openssl096b-0.9.6b-22.4.ia64.rpm

x86_64:
24e284285b1475fe404e187c5c71d85e  openssl-0.9.7a-43.4.i686.rpm
d5b71525c2dbc6061ef1a92257d1002f  openssl-0.9.7a-43.4.x86_64.rpm
6d6ad93bc9a5e4ee479c9680369cb520  openssl-devel-0.9.7a-43.4.x86_64.rpm
3ddd6acb3032f402308e7aa7881b6100  openssl-perl-0.9.7a-43.4.x86_64.rpm
b8fefe05d31388429660d34b30a6b63f  openssl096b-0.9.6b-22.4.i386.rpm
8e87576bd717ea310051520aec474bcd  openssl096b-0.9.6b-22.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.