Rapid7 VulnDB

RHSA-2014:0015: openssl security update


Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published: 01/01/2014
Created: 07/25/2018
Added: 01/09/2014
Modified: 07/04/2017

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449)

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450)

A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
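The restart requirement can be verified on a host: a process that still maps the pre-update library shows that file as "(deleted)" in /proc/<pid>/maps. The shell check below is an added example, not part of the advisory; the function names, the optional proc-root argument and the sample tree (including its library file name) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list processes that still map a deleted copy of
# libssl/libcrypto, i.e. services not yet restarted after the upgrade.

# stale_openssl_pids [PROC_ROOT]
# PROC_ROOT is a hypothetical override (default /proc) so the check can
# also be run against a constructed directory tree.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unmatched globs, unreadable entries and processes that exited.
        [ -r "$maps" ] || continue
        # Once the package manager replaces the library file, the old inode
        # stays mapped and the kernel appends " (deleted)" to its path.
        if grep -Eq '/lib(ssl|crypto)[^/ ]*\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Constructed sample: a fake /proc holding one process started after the
# update (101) and one still running on the replaced library (202).
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    echo sshd  > "$root/101/comm"
    echo httpd > "$root/202/comm"
    printf '%s\n' \
        '7f10a000-7f10f000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e' \
        > "$root/101/maps"
    printf '%s\n' \
        '7f20a000-7f20f000 r-xp 00000000 fd:00 1207 /usr/lib64/libssl.so.1.0.1e (deleted)' \
        > "$root/202/maps"
    echo "$root"
}
```

Run `stale_openssl_pids` as root with no argument to scan the live system; any PID it prints belongs to a service that still needs a restart.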

Solution(s)

  • redhat-upgrade-openssl
  • redhat-upgrade-openssl-debuginfo
  • redhat-upgrade-openssl-devel
  • redhat-upgrade-openssl-perl
  • redhat-upgrade-openssl-static

