openssl-1.0.1e-51.el7.1

エラータID: AXSA:2015-933:02

Release date: 
Monday, December 14, 2015 - 14:10
Subject: 
openssl-1.0.1e-51.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

Security issues fixed with this release:

CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before
1.0.2e allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an RSA PSS ASN.1
signature that lacks a mask generation function parameter.
CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in
OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and
1.0.2 before 1.0.2e mishandles errors caused by malformed
X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive
information from process memory by triggering a decoding failure in a
PKCS#7 or CMS application.
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and
1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the
PSK identity hint to an incorrect data structure, which allows remote
servers to cause a denial of service (race condition and double free)
via a crafted ServerKeyExchange message.

Solution: 

Update packages.

CVEs: 
CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
Additional Info: 

N/A

Download: 

SRPMS
  1. openssl-1.0.1e-51.el7.1.src.rpm
    MD5: 0b352e2de24ca6e34af466b63e5ee9ad
    SHA-256: 124b3121fa03487e2cdedba3b45b909b6dd00b51957cfb0912764713ea24d767
    Size: 3.12 MB

Asianux Server 7 for x86_64
  1. openssl-1.0.1e-51.el7.1.x86_64.rpm
    MD5: 13dee43389f4909027ffd2bababcac34
    SHA-256: 3024e068a065b194f3a434e8b5525f9be9bf2a3130a928b1432833f707e3f363
    Size: 709.80 kB
  2. openssl-devel-1.0.1e-51.el7.1.x86_64.rpm
    MD5: 68f9fb9f73ea0f4f3f34dec70b9bfa5e
    SHA-256: f91fa6f0e26b2426bfa826d5df24b46571a00bf5f90d8159ab2a3b07f90531d8
    Size: 1.18 MB
  3. openssl-libs-1.0.1e-51.el7.1.x86_64.rpm
    MD5: 296184f3339c725f0a2aa1f2cd63c6c3
    SHA-256: f2f02727ba7fc50b54b7e1c365fd75cd7fb6b9744d1b5c772d1695abe43ff59b
    Size: 948.95 kB
  4. openssl-devel-1.0.1e-51.el7.1.i686.rpm
    MD5: 55c3c61297300c07afce5bbdf3fa64eb
    SHA-256: b120d45ff1a3ebb1a8ef9574a4bc5b46f1ff3b24d03cff4decd9dba719c54441
    Size: 1.18 MB
  5. openssl-libs-1.0.1e-51.el7.1.i686.rpm
    MD5: b5405c150e566df56dcfc276e48776f6
    SHA-256: 627956667ef05a2f0da64497fb44faf8026e84c318cfe250c5c1761987d387d5
    Size: 935.85 kB