Rapid7 Vulnerability & Exploit Database

RHSA-2001:051: Updated openssl packages available

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/17/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated openssl packages are now available for Red Hat Linux 6.x and 7. These packages include security-related changes made in OpenSSL 0.9.6a and 0.9.6b which have been backported to previous versions released for Red Hat Linux. In addition, this advisory provides OpenSSL 0.9.6 packages for Red Hat Linux 7, which may be used by future updates to both Red Hat Linux 7 and Red Hat Linux 7.1.

Versions of OpenSSL prior to 0.9.6a suffer from potential security problems. These include potential leakage of information after SSL version 3 key exchanges, imperfect distribution of random numbers used when generating signatures, honoring of sensitive environment variables in library functions in setuid or setgid applications, and not taking precautions to counter effects of potential hardware glitches when generating digital signatures. A flaw has also been found in the pseudo-random number generator used in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has released a patch which corrects this problem.

Solution(s)

  • redhat-upgrade-nss_ldap
  • redhat-upgrade-openssl
  • redhat-upgrade-openssl-devel
  • redhat-upgrade-openssl-perl
  • redhat-upgrade-openssl-python
  • redhat-upgrade-openssl095a
