[El-errata] ELSA-2010-0163 Moderate: Enterprise Linux 4 openssl security update
Errata Announcements for Enterprise Linux
el-errata at oss.oracle.com
Thu Mar 25 22:19:40 PDT 2010
Enterprise Linux Security Advisory ELSA-2010-0163
https://rhn.redhat.com/errata/RHSA-2010-0163.html
The following updated rpms for Enterprise Linux 4 have been uploaded to
the Unbreakable Linux Network:
i386:
openssl-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm
x86_64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm
ia64:
openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm
SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/openssl-0.9.7a-43.17.el4_8.5.src.rpm
Description of changes:
[0.9.7a-43.17.5]
- do not disable SSLv2 in the renegotiation patch - SSLv2 does
not support renegotiation
- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT
[0.9.7a-43.17.4]
- mention the RFC5746 in the renegotiation fix doc
[0.9.7a-43.17.3]
- CVE-2009-3555 - support the secure renegotiation RFC (#533125)
- CVE-2009-2409 - drop MD2 from the default algorithm list (#510197)
- CVE-2009-0590 - crash when printing incorrect asn1 strings (#492304)
More information about the El-errata
mailing list