ELSA-2015-2617
- ULN >
- Oracle Linux Errata repository >
- ELSA-2015-2617
ELSA-2015-2617 - openssl security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2015-12-14 |
Description
[1.0.1e-51.1]
- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint
[1.0.1e-51]
- fix the CVE-2015-1791 fix (broken server side renegotiation)
[1.0.1e-50]
- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable
[1.0.1e-49]
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
[1.0.1e-48]
- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on
read in multithreaded applications
[1.0.1e-47]
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
the DH key size to at least 768 bits (limit will be increased in future)
[1.0.1e-46]
- drop the AES-GCM restriction of 2^32 operations because the IV is
always 96 bits (32 bit fixed field + 64 bit invocation field)
[1.0.1e-45]
- update fix for CVE-2015-0287 to what was released upstream
[1.0.1e-44]
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
[1.0.1e-43]
- fix broken error detection when unwrapping unpadded key
[1.0.1e-42.1]
- fix the RFC 5649 for key material that does not need padding
Related CVEs
| CVE-2015-3194 |
| CVE-2015-3195 |
| CVE-2015-3196 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 6 (i386) | openssl-1.0.1e-42.el6_7.1.src.rpm | 1b5d3fdcab0d80aac738035f0e7750ed | ELSA-2021-9150 |
| openssl-1.0.1e-42.el6_7.1.i686.rpm | d970b4e220e31af8611a51a06c7859ba | ELSA-2021-9150 | |
| openssl-devel-1.0.1e-42.el6_7.1.i686.rpm | 6e1711824616a1467748f465b5807079 | ELSA-2021-9150 | |
| openssl-perl-1.0.1e-42.el6_7.1.i686.rpm | 701b153e5c67de72f284e7ef733a88c3 | ELSA-2021-9150 | |
| openssl-static-1.0.1e-42.el6_7.1.i686.rpm | 678ef3f295dedbcb2b6f7973da4d15b9 | ELSA-2021-9150 | |
| Oracle Linux 6 (x86_64) | openssl-1.0.1e-42.el6_7.1.src.rpm | 1b5d3fdcab0d80aac738035f0e7750ed | ELSA-2021-9150 |
| openssl-1.0.1e-42.el6_7.1.i686.rpm | d970b4e220e31af8611a51a06c7859ba | ELSA-2021-9150 | |
| openssl-1.0.1e-42.el6_7.1.x86_64.rpm | 3608f209609da27765a75e081da70d7f | ELSA-2021-9150 | |
| openssl-devel-1.0.1e-42.el6_7.1.i686.rpm | 6e1711824616a1467748f465b5807079 | ELSA-2021-9150 | |
| openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm | dff06b5c1224b306295fac610522689a | ELSA-2021-9150 | |
| openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm | f5c2a8b0fca6046df2b1c2440f118543 | ELSA-2021-9150 | |
| openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm | 364e8ef5043a24361efb6c6953d76ae9 | ELSA-2021-9150 | |
| Oracle Linux 7 (x86_64) | openssl-1.0.1e-51.el7_2.1.src.rpm | 5bbaa046e2b89bd8eed318837d47475e | ELSA-2017-3518 |
| openssl-1.0.1e-51.el7_2.1.x86_64.rpm | 7e3d6d0d6792fa5e7f9f9a5f01da17d2 | ELSA-2017-3518 | |
| openssl-devel-1.0.1e-51.el7_2.1.i686.rpm | 870659729317190498f363273b50a3f0 | ELSA-2017-3518 | |
| openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm | 12d3a19511b503669f57ae8c549fded2 | ELSA-2017-3518 | |
| openssl-libs-1.0.1e-51.el7_2.1.i686.rpm | 249d5e99d73d40fb0e03608a3b277571 | ELSA-2017-3518 | |
| openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm | 7cf3bcc068b730250491b232a58d44fe | ELSA-2017-3518 | |
| openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm | 8c64d05f1d47523659617d93ac0cd610 | ELSA-2017-3518 | |
| openssl-static-1.0.1e-51.el7_2.1.i686.rpm | b856206e1074a4e4c4d4d6c1b2d4ae8f | ELSA-2017-3518 | |
| openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm | 7f81f375286f211c9b7bd97ef13ab27a | ELSA-2017-3518 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
