RHSA-2015:0800: Moderate: openssl security update

First published: Mon Apr 13 2015(Updated: )

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)<br>and Transport Layer Security (TLS v1) protocols, as well as a<br>full-strength, general purpose cryptography library.<br>It was discovered that OpenSSL would accept ephemeral RSA keys when using<br>non-export RSA cipher suites. A malicious server could make a TLS/SSL<br>client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)<br>An integer underflow flaw, leading to a buffer overflow, was found in the<br>way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to<br>make an application using OpenSSL decode a specially crafted Base64-encoded<br>input (such as a PEM file) could use this flaw to cause the application to<br>crash. Note: this flaw is not exploitable via the TLS/SSL protocol because<br>the data being transferred is not Base64-encoded. (CVE-2015-0292)<br>A denial of service flaw was found in the way OpenSSL handled SSLv2<br>handshake messages. A remote attacker could use this flaw to cause a<br>TLS/SSL server using OpenSSL to exit on a failed assertion if it had both<br>the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)<br>Multiple flaws were found in the way OpenSSL parsed X.509 certificates.<br>An attacker could use these flaws to modify an X.509 certificate to produce<br>a certificate with a different fingerprint without invalidating its<br>signature, and possibly bypass fingerprint-based blacklisting in<br>applications. (CVE-2014-8275)<br>An out-of-bounds write flaw was found in the way OpenSSL reused certain<br>ASN.1 structures. A remote attacker could possibly use a specially crafted<br>ASN.1 structure that, when parsed by an application, would cause that<br>application to crash. (CVE-2015-0287)<br>A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate<br>handling implementation. A specially crafted X.509 certificate could cause<br>an application using OpenSSL to crash if the application attempted to<br>convert the certificate to a certificate request. (CVE-2015-0288)<br>A NULL pointer dereference was found in the way OpenSSL handled certain<br>PKCS#7 inputs. An attacker able to make an application using OpenSSL<br>verify, decrypt, or parse a specially crafted PKCS#7 input could cause that<br>application to crash. TLS/SSL clients and servers using OpenSSL were not<br>affected by this flaw. (CVE-2015-0289)<br>Red Hat would like to thank the OpenSSL project for reporting <br>CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and <br>CVE-2015-0293. Upstream acknowledges Emilia Kasper of the OpenSSL <br>development team as the original reporter of CVE-2015-0287, Brian Carpenter <br>as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the <br>original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the <br>original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia <br>Kasper of the OpenSSL development team as the original reporters of <br>CVE-2015-0293.<br>All openssl users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. For the update to take<br>effect, all services linked to the OpenSSL library must be restarted, or<br>the system rebooted.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2015:0800
• package-manager/redhat