openssl (SL5)

By Scientific Linux Team on April 13, 2015

Synopsis: Moderate: openssl security update
Advisory ID: SLSA-2015:0800-1
Issue Date: 2015-04-13
CVE Numbers: CVE-2015-0204
CVE-2014-8275
CVE-2015-0287
CVE-2015-0289
CVE-2015-0292
CVE-2015-0293
CVE-2015-0288

It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted
Base64-encoded input (such as a PEM file) could use this flaw to cause the
application to crash. Note: this flaw is not exploitable via the TLS/SSL
protocol because the data being transferred is not Base64-encoded.
(CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An
attacker could use these flaws to modify an X.509 certificate to produce a
certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)

An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL’s X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause
that application to crash. TLS/SSL clients and servers using OpenSSL were
not affected by this flaw. (CVE-2015-0289)

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

SL5
x86_64
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-0.9.8e-33.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm
openssl-perl-0.9.8e-33.el5_11.x86_64.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.x86_64.rpm
i386
openssl-0.9.8e-33.el5_11.i386.rpm
openssl-0.9.8e-33.el5_11.i686.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm
openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm
openssl-perl-0.9.8e-33.el5_11.i386.rpm
openssl-devel-0.9.8e-33.el5_11.i386.rpm

– Scientific Linux Development Team