SecurityTracker.com
Category:   Application (VPN)  >   OpenSSL
Vendors:   OpenSSL.org
(CentOS Issues Fix) Red Hat OpenSSL Locking Error in ssleay_rand_bytes() Lets Remote Users Deny Service
SecurityTracker Alert ID:  1032588
SecurityTracker URL:  http://securitytracker.com/id/1032588
CVE Reference:   CVE-2015-3216
Date:  Jun 16 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in OpenSSL on Red Hat. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted data to a target multi-threaded application that uses OpenSSL to trigger an out-of-bounds memory read error in ssleay_rand_bytes() and cause the application to crash.

Johannes Bauer reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   CentOS has issued a fix.

For CentOS 6:

i386:
aeb1ce9586380db077c6ed640fd8343c7dc9e81522c51761b3c73f3aa54f2c1c openssl-1.0.1e-30.el6.11.i686.rpm
67aac300b57fc2a6ce20491ec3e152679dea33c290d1ecdadc386f662708ac9f openssl-devel-1.0.1e-30.el6.11.i686.rpm
1302b925edd7faa50b82221024f563780d80c2fa672473c27e5a81097450c7ce openssl-perl-1.0.1e-30.el6.11.i686.rpm
5dd7fe542f02762d09f3ee0a7db164f561a1d064fded3a2c85cf4a7e1b016e53 openssl-static-1.0.1e-30.el6.11.i686.rpm

x86_64:
aeb1ce9586380db077c6ed640fd8343c7dc9e81522c51761b3c73f3aa54f2c1c openssl-1.0.1e-30.el6.11.i686.rpm
37d451930cd944d76e4d3633c2358c09f002bb728dd5242dabf7276cf19b08b7 openssl-1.0.1e-30.el6.11.x86_64.rpm
67aac300b57fc2a6ce20491ec3e152679dea33c290d1ecdadc386f662708ac9f openssl-devel-1.0.1e-30.el6.11.i686.rpm
ac07813a1e36327cc1e4f711547f4f870afc5c0ef1952c66bd8298e840196e11 openssl-devel-1.0.1e-30.el6.11.x86_64.rpm
ee631734dd1921b8e8c63e5d48332c76cc1c6677d3453418a372953375ddf12b openssl-perl-1.0.1e-30.el6.11.x86_64.rpm
53e8fba4e2dd99525c2ef1a0f52a63a1412187c6078ad0b095197c37ea94d231 openssl-static-1.0.1e-30.el6.11.x86_64.rpm

Source:
aac901f048953cae0a9d6962636edecb05142f577eca9b5eef37831be727e109 openssl-1.0.1e-30.el6.11.src.rpm

For CentOS 7:

x86_64:
bc9144f9b31c430dcd120cd675b078ff3180de3e1af3f56ece1c28ad1ba1afe6 openssl-1.0.1e-42.el7.8.x86_64.rpm
35707dd23c5f7f5fecd464188234b227f361e115d4814b7818de5a8aa1d11327 openssl-devel-1.0.1e-42.el7.8.i686.rpm
f205480962bab1d757f1731e5834c5d426635dd39445f5624b57136fe115c3e9 openssl-devel-1.0.1e-42.el7.8.x86_64.rpm
47f3d6d69fed0f1ad6440f2f34f02f4df63cb044bbec0f343623f66272a4c594 openssl-libs-1.0.1e-42.el7.8.i686.rpm
c66e3aee4fedbb8695096fb9a8ee0cc5e578e0e362f84bc6cf51e33763499f6e openssl-libs-1.0.1e-42.el7.8.x86_64.rpm
b26d4355aff69dbe707291af3bf976ef388a385c0165af390ae180aa92f01fee openssl-perl-1.0.1e-42.el7.8.x86_64.rpm
a22e45806b0f6021d51b943b1f698614a4340a1216dfd0f318d732c58a989145 openssl-static-1.0.1e-42.el7.8.i686.rpm
b07ce3cc62434bc75d1733f1bbb3e30741f595ac76e7f0a4731ce32d9ae593fa openssl-static-1.0.1e-42.el7.8.x86_64.rpm

Source:
11d65a62ecfa29673e056f44cb163338ab17a18d83170317110422a522e56e0d openssl-1.0.1e-42.el7.8.src.rpm
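
A host-side check for the fix above, added here as an example (not code from SecurityTracker, CentOS or Red Hat): it compares a name-version-release.arch string, as printed by `rpm -q`, against the fixed builds named in the file lists. The comparison is a simplified rpmvercmp that ignores epochs and the `~`/`^` markers, and the sample package strings are constructed.

```python
import re

# Fixed builds, taken from the advisory's file lists (version, release).
FIXED = {"el6": ("1.0.1e", "30.el6.11"), "el7": ("1.0.1e", "42.el7.8")}
# Package names that appear in the advisory's file lists.
PACKAGES = {"openssl", "openssl-devel", "openssl-libs",
            "openssl-perl", "openssl-static"}

def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp (no '~' or '^'). Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare: 11 > 9, unlike strings
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra: str):
    """Split 'name-version-release.arch' into its four parts."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_fixed(nvra: str) -> bool:
    """True if the package is at or above the advisory's fixed build."""
    name, version, release, _ = parse_nvra(nvra)
    dist = re.search(r"\.(el\d+)", release)
    if name not in PACKAGES or not dist or dist.group(1) not in FIXED:
        raise ValueError(f"not a CentOS 6/7 openssl package: {nvra}")
    fixed_ver, fixed_rel = FIXED[dist.group(1)]
    # Compare versions first; fall back to the release when they are equal.
    return (rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)) >= 0

if __name__ == "__main__":
    # Constructed sample lines, in the format `rpm -q openssl` prints.
    for line in ("openssl-1.0.1e-30.el6.9.x86_64",
                 "openssl-1.0.1e-30.el6.11.x86_64",
                 "openssl-libs-1.0.1e-42.el7.4.x86_64"):
        print(line, "fixed" if is_fixed(line) else "NEEDS UPDATE")
```
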

Vendor URL:  rhn.redhat.com/errata/RHSA-2015-1115.html
Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jun 16 2015 Red Hat OpenSSL Locking Error in ssleay_rand_bytes() Lets Remote Users Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1115 Moderate CentOS 6 openssl Security Update


CentOS Errata and Security Advisory 2015:1115 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1115.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


Copyright 2020, SecurityGlobal.net LLC