ELSA-2010-0163

ELSA-2010-0163 - openssl security update

Type:SECURITY
Impact:MODERATE
Release Date:2010-03-25

Description



[0.9.7a-43.17.5]
- do not disable SSLv2 in the renegotiation patch - SSLv2 does
not support renegotiation
- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT

[0.9.7a-43.17.4]
- mention the RFC5746 in the renegotiation fix doc

[0.9.7a-43.17.3]
- CVE-2009-3555 - support the secure renegotiation RFC (#533125)
- CVE-2009-2409 - drop MD2 from the default algorithm list (#510197)
- CVE-2009-0590 - crash when printing incorrect asn1 strings (#492304)


Related CVEs


CVE-2009-3555
CVE-2009-0590
CVE-2009-2409

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 3 (i386) openssl-0.9.7a-33.26.src.rpm6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887-el3_i386_latest
openssl-0.9.7a-33.26.src.rpm6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887-el3_u9_i386_patch
openssl-0.9.7a-33.26.i386.rpm71848c05d5ce47e6c258c58dcfb51686b3df7bf7a2dda70dee6fb2f35d9476d6-el3_i386_latest
openssl-0.9.7a-33.26.i386.rpm71848c05d5ce47e6c258c58dcfb51686b3df7bf7a2dda70dee6fb2f35d9476d6-el3_u9_i386_patch
openssl-0.9.7a-33.26.i686.rpmb115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e-el3_i386_latest
openssl-0.9.7a-33.26.i686.rpmb115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e-el3_u9_i386_patch
openssl-devel-0.9.7a-33.26.i386.rpm72c5580f82f29b01bcd59db52028c0f47104201cad8cc62458f15c37946ec852-el3_i386_latest
openssl-devel-0.9.7a-33.26.i386.rpm72c5580f82f29b01bcd59db52028c0f47104201cad8cc62458f15c37946ec852-el3_u9_i386_patch
openssl-perl-0.9.7a-33.26.i386.rpmf26dd12ec973d296f180eb998b5d210b9f8d9778360b153775f953ae5f0c524d-el3_i386_latest
openssl-perl-0.9.7a-33.26.i386.rpmf26dd12ec973d296f180eb998b5d210b9f8d9778360b153775f953ae5f0c524d-el3_u9_i386_patch
Oracle Linux 3 (x86_64) openssl-0.9.7a-33.26.src.rpm6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887-el3_u9_x86_64_patch
openssl-0.9.7a-33.26.src.rpm6a38a28afc4ba54a71d8d16561bce8071ad713b511279967e3f077ca6f418887-el3_x86_64_latest
openssl-0.9.7a-33.26.i686.rpmb115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e-el3_u9_x86_64_patch
openssl-0.9.7a-33.26.i686.rpmb115d309c47ba0c93201e4679f5f6fcdea22b7ec017b3430cbe90814d7d42b8e-el3_x86_64_latest
openssl-0.9.7a-33.26.x86_64.rpmc5b2b1feb4cc2928aa41d3a44a4a92113960b1749af0eb63c4c2b7cccaa0dc11-el3_u9_x86_64_patch
openssl-0.9.7a-33.26.x86_64.rpmc5b2b1feb4cc2928aa41d3a44a4a92113960b1749af0eb63c4c2b7cccaa0dc11-el3_x86_64_latest
openssl-devel-0.9.7a-33.26.x86_64.rpmafd7421ce2ad469cc7b57dda5614cf9255d8555776b41c57139c9ce84eca9f7d-el3_u9_x86_64_patch
openssl-devel-0.9.7a-33.26.x86_64.rpmafd7421ce2ad469cc7b57dda5614cf9255d8555776b41c57139c9ce84eca9f7d-el3_x86_64_latest
openssl-perl-0.9.7a-33.26.x86_64.rpm6131bdd3d7f98e74f93e0738f0d912b8a26c6bc84d6cfd76ad97a225cb63d791-el3_u9_x86_64_patch
openssl-perl-0.9.7a-33.26.x86_64.rpm6131bdd3d7f98e74f93e0738f0d912b8a26c6bc84d6cfd76ad97a225cb63d791-el3_x86_64_latest
Oracle Linux 4 (i386) openssl-0.9.7a-43.17.el4_8.5.src.rpm28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4ELSA-2012-0086el4_i386_latest
openssl-0.9.7a-43.17.el4_8.5.src.rpm28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4ELSA-2012-0086el4_u8_i386_patch
openssl-0.9.7a-43.17.el4_8.5.i386.rpm0c89f17cffbe450c97cf44f20e3315a6f4902da66305dfb8906ad06cd6731c49ELSA-2012-0086el4_i386_latest
openssl-0.9.7a-43.17.el4_8.5.i386.rpm0c89f17cffbe450c97cf44f20e3315a6f4902da66305dfb8906ad06cd6731c49ELSA-2012-0086el4_u8_i386_patch
openssl-0.9.7a-43.17.el4_8.5.i686.rpm0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714fELSA-2012-0086el4_i386_latest
openssl-0.9.7a-43.17.el4_8.5.i686.rpm0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714fELSA-2012-0086el4_u8_i386_patch
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpmf5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39ELSA-2012-0086el4_i386_latest
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpmf5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39ELSA-2012-0086el4_u8_i386_patch
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpmd12647b8823960cfaa0c39cc411cb3d787511962b4b5bc9e787d333c7500b733ELSA-2012-0086el4_i386_latest
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpmd12647b8823960cfaa0c39cc411cb3d787511962b4b5bc9e787d333c7500b733ELSA-2012-0086el4_u8_i386_patch
Oracle Linux 4 (ia64) openssl-0.9.7a-43.17.el4_8.5.src.rpm28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4ELSA-2012-0086el4_ia64_latest
openssl-0.9.7a-43.17.el4_8.5.src.rpm28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4ELSA-2012-0086el4_u8_ia64_patch
openssl-0.9.7a-43.17.el4_8.5.i686.rpm0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714fELSA-2012-0086el4_ia64_latest
openssl-0.9.7a-43.17.el4_8.5.i686.rpm0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714fELSA-2012-0086el4_u8_ia64_patch
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm5b84eae4a3114cb60de6c923cbcb66c962a0134e4aa567068c94c58cf7fd782aELSA-2012-0086el4_ia64_latest
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm5b84eae4a3114cb60de6c923cbcb66c962a0134e4aa567068c94c58cf7fd782aELSA-2012-0086el4_u8_ia64_patch
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm505a466958b2ec38b82f3200a37b53b7bb4771cca84bfc280ed4c5032011c177ELSA-2012-0086el4_ia64_latest
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm505a466958b2ec38b82f3200a37b53b7bb4771cca84bfc280ed4c5032011c177ELSA-2012-0086el4_u8_ia64_patch
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm1eb262b30752a02d80e71ebec9d1b8e76d1e46352e007cb6a3053224878d70ffELSA-2012-0086el4_ia64_latest
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm1eb262b30752a02d80e71ebec9d1b8e76d1e46352e007cb6a3053224878d70ffELSA-2012-0086el4_u8_ia64_patch
Oracle Linux 4 (x86_64) openssl-0.9.7a-43.17.el4_8.5.src.rpm28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4ELSA-2012-0086el4_u8_x86_64_patch
openssl-0.9.7a-43.17.el4_8.5.src.rpm28faf102693761a991c0970ee3dba6c0a281f3f601df4b4fe0c5bf9bb6c849a4ELSA-2012-0086el4_x86_64_latest
openssl-0.9.7a-43.17.el4_8.5.i686.rpm0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714fELSA-2012-0086el4_u8_x86_64_patch
openssl-0.9.7a-43.17.el4_8.5.i686.rpm0d9afe466148778223e138944f426aeb6d1b693af760efd05bfacb19670b714fELSA-2012-0086el4_x86_64_latest
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpma0eb3499b60222f0cb37c92ea5563b79c435f58daf11a0b89fd786b5575bc836ELSA-2012-0086el4_u8_x86_64_patch
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpma0eb3499b60222f0cb37c92ea5563b79c435f58daf11a0b89fd786b5575bc836ELSA-2012-0086el4_x86_64_latest
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpmf5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39ELSA-2012-0086el4_u8_x86_64_patch
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpmf5878a3fa251a9603bd4485b540586a6431b1dd23deb7d9c0d22b56d516f8d39ELSA-2012-0086el4_x86_64_latest
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpmbe31b70f783beea1a886b7338bae827ed62e2d7ab14999b3b0eb831b6bc57e08ELSA-2012-0086el4_u8_x86_64_patch
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpmbe31b70f783beea1a886b7338bae827ed62e2d7ab14999b3b0eb831b6bc57e08ELSA-2012-0086el4_x86_64_latest
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm2dc1083867a81f1efd33268576cee1148e98874754a7f0a8ede8523d1c7c4e9cELSA-2012-0086el4_u8_x86_64_patch
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm2dc1083867a81f1efd33268576cee1148e98874754a7f0a8ede8523d1c7c4e9cELSA-2012-0086el4_x86_64_latest



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete