Issued:

2013-02-20

Updated:

2013-02-20

RHBA-2013:0443 - openssl bug fix update

Synopsis

openssl bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated openssl packages that fix four bugs are now available for Red Hat Enterprise Linux 6.

Description

The openssl packages provide a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

This update fixes the following bugs:

• Prior to this update, the pkgconfig configuration files of OpenSSL libraries contained an invalid libdir value. This update update modifies the underlying code to use the correct libdir value. (BZ#770872)

• Prior to this update, the openssl function "BIO_new_accept()" failed to listen on IPv4 addresses when this function was invoked with the ":port" parameter. As a consequence, users failed to connect via IPv4 to a server that used this function call with the ":port" parameter. This update modifies this function to listen on IPv4 address with this parameter as expected. (BZ#800088)

• Prior to this update, encrypted private key files that were saved in FIPS mode were corrupted because the PEM encryption uses hash algorithms that are not available in FIPS mode. This update uses the PKCS#8 encrypted format to write private keys to files in FIPS mode. This file format uses only algorithms that are available in FIPS mode. (BZ#841645)

• The manual page for "rand", the pseudo-random number generator, is named "sslrand" to avoid conflict with the manual page for the C library "rand()" function. This update provides the "openssl" manual page update to reflect this. (BZ#841645)

All users of openssl are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Affected Products

Updated Packages

• openssl-debuginfo-1.0.0-27.el6.ppc.rpm
• openssl-perl-1.0.0-27.el6.ppc64.rpm
• openssl-static-1.0.0-27.el6.ppc64.rpm
• openssl-devel-1.0.0-27.el6.s390.rpm
• openssl-devel-1.0.0-27.el6.s390x.rpm
• openssl-1.0.0-27.el6.i686.rpm
• openssl-debuginfo-1.0.0-27.el6.ppc64.rpm
• openssl-devel-1.0.0-27.el6.ppc64.rpm
• openssl-devel-1.0.0-27.el6.x86_64.rpm
• openssl-1.0.0-27.el6.s390.rpm
• openssl-debuginfo-1.0.0-27.el6.i686.rpm
• openssl-1.0.0-27.el6.src.rpm
• openssl-perl-1.0.0-27.el6.i686.rpm
• openssl-1.0.0-27.el6.ppc.rpm
• openssl-static-1.0.0-27.el6.s390x.rpm
• openssl-perl-1.0.0-27.el6.s390x.rpm
• openssl-1.0.0-27.el6.s390x.rpm
• openssl-debuginfo-1.0.0-27.el6.s390x.rpm
• openssl-1.0.0-27.el6.ppc64.rpm
• openssl-static-1.0.0-27.el6.i686.rpm
• openssl-devel-1.0.0-27.el6.ppc.rpm
• openssl-devel-1.0.0-27.el6.i686.rpm
• openssl-static-1.0.0-27.el6.x86_64.rpm
• openssl-debuginfo-1.0.0-27.el6.x86_64.rpm
• openssl-1.0.0-27.el6.x86_64.rpm
• openssl-debuginfo-1.0.0-27.el6.s390.rpm
• openssl-perl-1.0.0-27.el6.x86_64.rpm

Fixes

• This content is not included.BZ - 770872
• This content is not included.BZ - 812348
• This content is not included.BZ - 841645

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.