ELSA-2015-2617

ELSA-2015-2617 - openssl security update

Type:SECURITY
Severity:MODERATE
Release Date:2015-12-14

Description


[1.0.1e-51.1]
- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint

[1.0.1e-51]
- fix the CVE-2015-1791 fix (broken server side renegotiation)

[1.0.1e-50]
- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for correctness although unexploitable

[1.0.1e-49]
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function

[1.0.1e-48]
- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on
read in multithreaded applications

[1.0.1e-47]
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
the DH key size to at least 768 bits (limit will be increased in future)

[1.0.1e-46]
- drop the AES-GCM restriction of 2^32 operations because the IV is
always 96 bits (32 bit fixed field + 64 bit invocation field)

[1.0.1e-45]
- update fix for CVE-2015-0287 to what was released upstream

[1.0.1e-44]
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

[1.0.1e-43]
- fix broken error detection when unwrapping unpadded key

[1.0.1e-42.1]
- fix the RFC 5649 for key material that does not need padding


Related CVEs


CVE-2015-3194
CVE-2015-3195
CVE-2015-3196

Updated Packages


Release/Architecture     Filename                                      MD5sum                            Superseded By Advisory
Oracle Linux 6 (i386)    openssl-1.0.1e-42.el6_7.1.src.rpm             1b5d3fdcab0d80aac738035f0e7750ed  ELSA-2021-9150
                         openssl-1.0.1e-42.el6_7.1.i686.rpm            d970b4e220e31af8611a51a06c7859ba  ELSA-2021-9150
                         openssl-devel-1.0.1e-42.el6_7.1.i686.rpm      6e1711824616a1467748f465b5807079  ELSA-2021-9150
                         openssl-perl-1.0.1e-42.el6_7.1.i686.rpm       701b153e5c67de72f284e7ef733a88c3  ELSA-2021-9150
                         openssl-static-1.0.1e-42.el6_7.1.i686.rpm     678ef3f295dedbcb2b6f7973da4d15b9  ELSA-2021-9150
Oracle Linux 6 (x86_64)  openssl-1.0.1e-42.el6_7.1.src.rpm             1b5d3fdcab0d80aac738035f0e7750ed  ELSA-2021-9150
                         openssl-1.0.1e-42.el6_7.1.i686.rpm            d970b4e220e31af8611a51a06c7859ba  ELSA-2021-9150
                         openssl-1.0.1e-42.el6_7.1.x86_64.rpm          3608f209609da27765a75e081da70d7f  ELSA-2021-9150
                         openssl-devel-1.0.1e-42.el6_7.1.i686.rpm      6e1711824616a1467748f465b5807079  ELSA-2021-9150
                         openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm    dff06b5c1224b306295fac610522689a  ELSA-2021-9150
                         openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm     f5c2a8b0fca6046df2b1c2440f118543  ELSA-2021-9150
                         openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm   364e8ef5043a24361efb6c6953d76ae9  ELSA-2021-9150
Oracle Linux 7 (x86_64)  openssl-1.0.1e-51.el7_2.1.src.rpm             5bbaa046e2b89bd8eed318837d47475e  ELSA-2017-3518
                         openssl-1.0.1e-51.el7_2.1.x86_64.rpm          7e3d6d0d6792fa5e7f9f9a5f01da17d2  ELSA-2017-3518
                         openssl-devel-1.0.1e-51.el7_2.1.i686.rpm      870659729317190498f363273b50a3f0  ELSA-2017-3518
                         openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm    12d3a19511b503669f57ae8c549fded2  ELSA-2017-3518
                         openssl-libs-1.0.1e-51.el7_2.1.i686.rpm       249d5e99d73d40fb0e03608a3b277571  ELSA-2017-3518
                         openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm     7cf3bcc068b730250491b232a58d44fe  ELSA-2017-3518
                         openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm     8c64d05f1d47523659617d93ac0cd610  ELSA-2017-3518
                         openssl-static-1.0.1e-51.el7_2.1.i686.rpm     b856206e1074a4e4c4d4d6c1b2d4ae8f  ELSA-2017-3518
                         openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm   7f81f375286f211c9b7bd97ef13ab27a  ELSA-2017-3518
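The check an administrator wants after reading this table is whether the openssl packages installed on a host are at or above the fixed versions listed above (1.0.1e-42.el6_7.1 for Oracle Linux 6, 1.0.1e-51.el7_2.1 for Oracle Linux 7). The following script is an added example, not part of the advisory or of Oracle's tooling: it compares installed NEVRA strings against the advisory's fixed versions using an rpm-style version comparison. The `rpm -qa` output it parses is a constructed sample, epochs and tilde/caret ordering are assumed not to occur for these packages, and the fixed versions are taken from the table above.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed (version, release) pairs from this advisory's package table,
# keyed by the dist tag that appears in the RPM release field.
FIXED_EVR = {
    "el6": ("1.0.1e", "42.el6_7.1"),
    "el7": ("1.0.1e", "51.el7_2.1"),
}

# Package names that appear in the advisory table.
ADVISORY_PACKAGES = {"openssl", "openssl-devel", "openssl-libs", "openssl-perl", "openssl-static"}

# Constructed sample of `rpm -qa` output (not data from a real host).
SAMPLE_RPM_QA = """\
openssl-1.0.1e-42.el6_7.1.x86_64
openssl-libs-1.0.1e-42.el7_1.9.x86_64
openssl-1.0.1e-51.el7_2.1.x86_64
openssl-devel-1.0.1e-30.el6_6.11.i686
bash-4.1.2-33.el6.x86_64
"""


def _segments(s: str):
    """Split a version string into rpm-style alnum segments ("42.el6_7.1" -> 42, el, 6, 7, 1)."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version/release strings the way rpm does; returns -1, 0 or 1.

    Numeric segments compare as integers, alphabetic ones lexically, and a
    numeric segment is newer than an alphabetic one. Tilde/caret ordering is
    omitted (assumption: not needed for the versions in this advisory).
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with more segments is newer.
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def parse_nevra(nevra: str) -> Tuple[str, str, str, str]:
    """Split "name-version-release.arch" into its parts (epoch not handled: assumption)."""
    body, arch = nevra.rsplit(".", 1)
    name, version, release = body.rsplit("-", 2)
    return name, version, release, arch


def is_patched(nevra: str) -> Optional[bool]:
    """True if at or above the advisory's fixed version, False if below,
    None if the package or its dist tag is not covered by this advisory."""
    name, version, release, _arch = parse_nevra(nevra)
    if name not in ADVISORY_PACKAGES:
        return None
    tag = re.search(r"el[0-9]+", release)
    if not tag or tag.group(0) not in FIXED_EVR:
        return None
    fixed_version, fixed_release = FIXED_EVR[tag.group(0)]
    # Release only decides when the version part is equal (rpmvercmp returns 0).
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return c >= 0


def check_packages(rpm_qa_output: str) -> Dict[str, Optional[bool]]:
    """Map each installed package line to its patch status."""
    return {line: is_patched(line) for line in rpm_qa_output.splitlines() if line.strip()}


if __name__ == "__main__":
    for pkg, status in check_packages(SAMPLE_RPM_QA).items():
        label = {True: "patched", False: "VULNERABLE", None: "not covered"}[status]
        print(f"{label:12} {pkg}")
```

On a real host the sample would be replaced by the output of `rpm -qa 'openssl*'`; a package that reports "VULNERABLE" is below the fixed release for its dist tag, while "not covered" means the name or dist tag is outside this advisory rather than that the package is safe.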



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
