[El-errata] ELSA-2015-2617 Moderate: Oracle Linux 7 openssl security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Dec 14 06:55:58 PST 2015
Oracle Linux Security Advisory ELSA-2015-2617
http://linux.oracle.com/errata/ELSA-2015-2617.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
openssl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-devel-1.0.1e-51.el7_2.1.i686.rpm
openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-libs-1.0.1e-51.el7_2.1.i686.rpm
openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm
openssl-static-1.0.1e-51.el7_2.1.i686.rpm
openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/openssl-1.0.1e-51.el7_2.1.src.rpm
Description of changes:
[1.0.1e-51.1]
- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint
[1.0.1e-51]
- fix the CVE-2015-1791 fix (broken server side renegotiation)
[1.0.1e-50]
- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for corectness although
unexploitable
[1.0.1e-49]
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
[1.0.1e-48]
- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on
read in multithreaded applications
[1.0.1e-47]
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
the DH key size to at least 768 bits (limit will be increased in future)
[1.0.1e-46]
- drop the AES-GCM restriction of 2^32 operations because the IV is
always 96 bits (32 bit fixed field + 64 bit invocation field)
[1.0.1e-45]
- update fix for CVE-2015-0287 to what was released upstream
[1.0.1e-44]
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
[1.0.1e-43]
- fix broken error detection when unwrapping unpadded key
[1.0.1e-42.1]
- fix the RFC 5649 for key material that does not need padding
More information about the El-errata
mailing list