Oval Definition: oval:com.redhat.rhsa:def:20090004
Revision Date: 2009-01-07
Version: 637
Title: RHSA-2009:0004: openssl security update (Important)
Description: OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose, cryptography library.

  • The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation. (CVE-2008-5077)

    All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all running OpenSSL client applications must be restarted, or the system rebooted.
Family: unix
Class: patch
Status:
Reference(s): CVE-2008-5077, RHSA-2009:0004, RHSA-2009:0004-01
Platform(s): Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • openssl-perl is earlier than 0:0.9.7a-33.25
  • AND openssl-perl is signed with Red Hat master key
  • openssl is earlier than 0:0.9.7a-33.25
  • AND openssl is signed with Red Hat master key
  • openssl-devel is earlier than 0:0.9.7a-33.25
  • AND openssl-devel is signed with Red Hat master key
  • openssl096b is earlier than 0:0.9.6b-16.49
  • AND openssl096b is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • openssl-devel is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl-devel is signed with Red Hat master key
  • openssl-perl is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl-perl is signed with Red Hat master key
  • openssl is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl is signed with Red Hat master key
  • openssl096b is earlier than 0:0.9.6b-22.46.el4_7
  • AND openssl096b is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • openssl097a is earlier than 0:0.9.7a-9.el5_2.1
  • AND openssl097a is signed with Red Hat redhatrelease key
  • openssl-devel is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl-devel is signed with Red Hat redhatrelease key
  • openssl-perl is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl-perl is signed with Red Hat redhatrelease key
  • openssl is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl is signed with Red Hat redhatrelease key
Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • openssl is earlier than 0:0.9.7a-33.25
  • AND openssl is signed with Red Hat master key
  • openssl-devel is earlier than 0:0.9.7a-33.25
  • AND openssl-devel is signed with Red Hat master key
  • openssl-perl is earlier than 0:0.9.7a-33.25
  • AND openssl-perl is signed with Red Hat master key
  • openssl096b is earlier than 0:0.9.6b-16.49
  • AND openssl096b is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • openssl is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl is signed with Red Hat master key
  • openssl-devel is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl-devel is signed with Red Hat master key
  • openssl-perl is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl-perl is signed with Red Hat master key
  • openssl096b is earlier than 0:0.9.6b-22.46.el4_7
  • AND openssl096b is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • openssl097a is earlier than 0:0.9.7a-9.el5_2.1
  • AND openssl097a is signed with Red Hat redhatrelease key
  • openssl is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl is signed with Red Hat redhatrelease key
  • openssl-devel is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl-devel is signed with Red Hat redhatrelease key
  • openssl-perl is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl-perl is signed with Red Hat redhatrelease key
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • openssl is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl is signed with Red Hat redhatrelease2 key
  • openssl-devel is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl-devel is signed with Red Hat redhatrelease2 key
  • openssl-perl is earlier than 0:0.9.7a-43.17.el4_7.2
  • AND openssl-perl is signed with Red Hat redhatrelease2 key
  • openssl096b is earlier than 0:0.9.6b-22.46.el4_7
  • AND openssl096b is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • openssl097a is earlier than 0:0.9.7a-9.el5_2.1
  • AND openssl097a is signed with Red Hat redhatrelease2 key
  • openssl is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl is signed with Red Hat redhatrelease2 key
  • openssl-devel is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl-devel is signed with Red Hat redhatrelease2 key
  • openssl-perl is earlier than 0:0.9.8b-10.el5_2.1
  • AND openssl-perl is signed with Red Hat redhatrelease2 key