ELSA-2010-0163

ULN >
Oracle Linux Errata repository >
ELSA-2010-0163

ELSA-2010-0163 - openssl security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2010-03-25

Description

[0.9.7a-43.17.5]
- do not disable SSLv2 in the renegotiation patch - SSLv2 does
not support renegotiation
- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT

[0.9.7a-43.17.4]
- mention the RFC5746 in the renegotiation fix doc

[0.9.7a-43.17.3]
- CVE-2009-3555 - support the secure renegotiation RFC (#533125)
- CVE-2009-2409 - drop MD2 from the default algorithm list (#510197)
- CVE-2009-0590 - crash when printing incorrect asn1 strings (#492304)

Related CVEs

CVE-2009-3555

CVE-2009-0590

CVE-2009-2409

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 3 (i386)	openssl-0.9.7a-33.26.src.rpm	6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887	-	el3_i386_latest
	openssl-0.9.7a-33.26.src.rpm	6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887	-	el3_u9_i386_patch
	openssl-0.9.7a-33.26.i386.rpm	71848c05d5ce47e6c258c58dcfb51686b3df7bf7a2dda70dee6fb2f35d9476d6	-	el3_i386_latest
	openssl-0.9.7a-33.26.i386.rpm	71848c05d5ce47e6c258c58dcfb51686b3df7bf7a2dda70dee6fb2f35d9476d6	-	el3_u9_i386_patch
	openssl-0.9.7a-33.26.i686.rpm	b115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e	-	el3_i386_latest
	openssl-0.9.7a-33.26.i686.rpm	b115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e	-	el3_u9_i386_patch
	openssl-devel-0.9.7a-33.26.i386.rpm	72c5580f82f29b01bcd59db52028c0f47104201cad8cc62458f15c37946ec852	-	el3_i386_latest
	openssl-devel-0.9.7a-33.26.i386.rpm	72c5580f82f29b01bcd59db52028c0f47104201cad8cc62458f15c37946ec852	-	el3_u9_i386_patch
	openssl-perl-0.9.7a-33.26.i386.rpm	f26dd12ec973d296f180eb998b5d210b9f8d9778360b153775f953ae5f0c524d	-	el3_i386_latest
	openssl-perl-0.9.7a-33.26.i386.rpm	f26dd12ec973d296f180eb998b5d210b9f8d9778360b153775f953ae5f0c524d	-	el3_u9_i386_patch

Oracle Linux 3 (x86_64)	openssl-0.9.7a-33.26.src.rpm	6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887	-	el3_u9_x86_64_patch
	openssl-0.9.7a-33.26.src.rpm	6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887	-	el3_x86_64_latest
	openssl-0.9.7a-33.26.i686.rpm	b115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e	-	el3_u9_x86_64_patch
	openssl-0.9.7a-33.26.i686.rpm	b115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e	-	el3_x86_64_latest
	openssl-0.9.7a-33.26.x86_64.rpm	c5b2b1feb4cc2928aa41d3a44a4a92113960b1749af0eb63c4c2b7cccaa0dc11	-	el3_u9_x86_64_patch
	openssl-0.9.7a-33.26.x86_64.rpm	c5b2b1feb4cc2928aa41d3a44a4a92113960b1749af0eb63c4c2b7cccaa0dc11	-	el3_x86_64_latest
	openssl-devel-0.9.7a-33.26.x86_64.rpm	afd7421ce2ad469cc7b57dda5614cf9255d8555776b41c57139c9ce84eca9f7d	-	el3_u9_x86_64_patch
	openssl-devel-0.9.7a-33.26.x86_64.rpm	afd7421ce2ad469cc7b57dda5614cf9255d8555776b41c57139c9ce84eca9f7d	-	el3_x86_64_latest
	openssl-perl-0.9.7a-33.26.x86_64.rpm	6131bdd3d7f98e74f93e0738f0d912b8a26c6bc84d6cfd76ad97a225cb63d791	-	el3_u9_x86_64_patch
	openssl-perl-0.9.7a-33.26.x86_64.rpm	6131bdd3d7f98e74f93e0738f0d912b8a26c6bc84d6cfd76ad97a225cb63d791	-	el3_x86_64_latest

Oracle Linux 4 (i386)	openssl-0.9.7a-43.17.el4_8.5.src.rpm	28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4	ELSA-2012-0086	el4_i386_latest
	openssl-0.9.7a-43.17.el4_8.5.src.rpm	28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4	ELSA-2012-0086	el4_u8_i386_patch
	openssl-0.9.7a-43.17.el4_8.5.i386.rpm	0c89f17cffbe450c97cf44f20e3315a6f4902da66305dfb8906ad06cd6731c49	ELSA-2012-0086	el4_i386_latest
	openssl-0.9.7a-43.17.el4_8.5.i386.rpm	0c89f17cffbe450c97cf44f20e3315a6f4902da66305dfb8906ad06cd6731c49	ELSA-2012-0086	el4_u8_i386_patch
	openssl-0.9.7a-43.17.el4_8.5.i686.rpm	0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714f	ELSA-2012-0086	el4_i386_latest
	openssl-0.9.7a-43.17.el4_8.5.i686.rpm	0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714f	ELSA-2012-0086	el4_u8_i386_patch
	openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm	f5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39	ELSA-2012-0086	el4_i386_latest
	openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm	f5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39	ELSA-2012-0086	el4_u8_i386_patch
	openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm	d12647b8823960cfaa0c39cc411cb3d787511962b4b5bc9e787d333c7500b733	ELSA-2012-0086	el4_i386_latest
	openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm	d12647b8823960cfaa0c39cc411cb3d787511962b4b5bc9e787d333c7500b733	ELSA-2012-0086	el4_u8_i386_patch

Oracle Linux 4 (ia64)	openssl-0.9.7a-43.17.el4_8.5.src.rpm	28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4	ELSA-2012-0086	el4_ia64_latest
	openssl-0.9.7a-43.17.el4_8.5.src.rpm	28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4	ELSA-2012-0086	el4_u8_ia64_patch
	openssl-0.9.7a-43.17.el4_8.5.i686.rpm	0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714f	ELSA-2012-0086	el4_ia64_latest
	openssl-0.9.7a-43.17.el4_8.5.i686.rpm	0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714f	ELSA-2012-0086	el4_u8_ia64_patch
	openssl-0.9.7a-43.17.el4_8.5.ia64.rpm	5b84eae4a3114cb60de6c923cbcb66c962a0134e4aa567068c94c58cf7fd782a	ELSA-2012-0086	el4_ia64_latest
	openssl-0.9.7a-43.17.el4_8.5.ia64.rpm	5b84eae4a3114cb60de6c923cbcb66c962a0134e4aa567068c94c58cf7fd782a	ELSA-2012-0086	el4_u8_ia64_patch
	openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm	505a466958b2ec38b82f3200a37b53b7bb4771cca84bfc280ed4c5032011c177	ELSA-2012-0086	el4_ia64_latest
	openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm	505a466958b2ec38b82f3200a37b53b7bb4771cca84bfc280ed4c5032011c177	ELSA-2012-0086	el4_u8_ia64_patch
	openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm	1eb262b30752a02d80e71ebec9d1b8e76d1e46352e007cb6a3053224878d70ff	ELSA-2012-0086	el4_ia64_latest
	openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm	1eb262b30752a02d80e71ebec9d1b8e76d1e46352e007cb6a3053224878d70ff	ELSA-2012-0086	el4_u8_ia64_patch

Oracle Linux 4 (x86_64)	openssl-0.9.7a-43.17.el4_8.5.src.rpm	28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4	ELSA-2012-0086	el4_u8_x86_64_patch
	openssl-0.9.7a-43.17.el4_8.5.src.rpm	28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4	ELSA-2012-0086	el4_x86_64_latest
	openssl-0.9.7a-43.17.el4_8.5.i686.rpm	0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714f	ELSA-2012-0086	el4_u8_x86_64_patch
	openssl-0.9.7a-43.17.el4_8.5.i686.rpm	0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714f	ELSA-2012-0086	el4_x86_64_latest
	openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm	a0eb3499b60222f0cb37c92ea5563b79c435f58daf11a0b89fd786b5575bc836	ELSA-2012-0086	el4_u8_x86_64_patch
	openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm	a0eb3499b60222f0cb37c92ea5563b79c435f58daf11a0b89fd786b5575bc836	ELSA-2012-0086	el4_x86_64_latest
	openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm	f5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39	ELSA-2012-0086	el4_u8_x86_64_patch
	openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm	f5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39	ELSA-2012-0086	el4_x86_64_latest
	openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm	be31b70f783beea1a886b7338bae827ed62e2d7ab14999b3b0eb831b6bc57e08	ELSA-2012-0086	el4_u8_x86_64_patch
	openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm	be31b70f783beea1a886b7338bae827ed62e2d7ab14999b3b0eb831b6bc57e08	ELSA-2012-0086	el4_x86_64_latest
	openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm	2dc1083867a81f1efd33268576cee1148e98874754a7f0a8ede8523d1c7c4e9c	ELSA-2012-0086	el4_u8_x86_64_patch
	openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm	2dc1083867a81f1efd33268576cee1148e98874754a7f0a8ede8523d1c7c4e9c	ELSA-2012-0086	el4_x86_64_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691