Oval Definition:oval:com.redhat.rhsa:def:20100979
Revision Date:2010-12-13Version:637
Title:RHSA-2010:0979: openssl security update (Moderate)
Description:OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

  • A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the client to use a weaker ciphersuite after resuming the session. (CVE-2010-4180)

    Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option has no effect and this bug workaround can no longer be enabled.

    All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2010-4180
    CVE-2010-4180
    RHSA-2010:0979
    RHSA-2010:0979-01
    RHSA-2010:0979-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • openssl is earlier than 0:1.0.0-4.el6_0.2
  • AND openssl is signed with Red Hat redhatrelease2 key
  • openssl-devel is earlier than 0:1.0.0-4.el6_0.2
  • AND openssl-devel is signed with Red Hat redhatrelease2 key
  • openssl-perl is earlier than 0:1.0.0-4.el6_0.2
  • AND openssl-perl is signed with Red Hat redhatrelease2 key
  • openssl-static is earlier than 0:1.0.0-4.el6_0.2
  • AND openssl-static is signed with Red Hat redhatrelease2 key
    • BACK