このコンテンツは選択した言語では利用できません。

4.132. openssl


Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

Security Fixes

CVE-2011-4108
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle.
CVE-2011-4109
A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data.
CVE-2011-4576
An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.
CVE-2011-4619
It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake.
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Updated openssl packages that fix a bug and add various enhancements are now available for Red Hat Enterprise Linux 5.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Bug Fix

BZ#726593
Prior to this update, the openssl configuration file variables with "yes" or "no" values were parsed incorrectly. The value of "yes" was interpreted as "no". With this update, the "yes" or "no" values in the configuration file are now parsed correctly.

Enhancements

BZ#628976
Documentation of possible error states related to the FIPS mode is now included in the README.FIPS file.
BZ#735819
DigiCert Certification Authority certificates were added to the /etc/pki/tls/certs/ca-bundle.crt file that contains the certificates of trusted certification authorities.
BZ#740866
Known answer self-tests for the SHA2 algorithms (SHA256 and SHA512) were added to the FIPS mode start up self tests.
BZ#745410
The makefile for generating keys and certificates was updated to generate the private keys with a length of 2048 bits by default as the previous length of 1024 bits is now considered too weak.
All users of OpenSSL should upgrade to these updated packages, which fix this bug and add these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.