-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2005.0414 -- RHSA-2005:476-01
                     Moderate: openssl security update
                                2 June 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Access Privileged Data
                   Overwrite Arbitrary Files
Access:            Existing Account
CVE Names:         CAN-2005-0109 CAN-2004-0975

Ref:               ESB-2004.0746
                   ESB-2005.0385

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-476.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2005:476-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-476.html
Issue date:        2005-06-01
Updated on:        2005-06-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0975 CAN-2005-0109
- - ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that fix security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Colin Percival reported a cache timing attack that could allow a malicious
local user to gain portions of cryptographic keys.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CAN-2005-0109 to the issue.  The OpenSSL library has been patched to add a
new fixed-window mod_exp implementation as default for RSA, DSA, and DH
private-key operations.  This patch is designed to mitigate cache timing
and potentially related attacks.
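
The following C model is an added example, not part of the Red Hat advisory and not OpenSSL's patch. It records the order of squarings and multiplications, which follows the exponent bits in plain square-and-multiply but is identical for every exponent in a fixed-window routine. Assumptions: toy moduli below 2^32, a 4-bit window, and a masked table scan (select_entry) as this example's own way of making the table lookup independent of the window value; the advisory does not describe the patch's internals.

```c
/* Added illustration with toy parameters; not OpenSSL code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIN 4               /* window width in bits (assumed for the example) */
#define TBL (1u << WIN)     /* number of precomputed powers of the base */
#define TRACE_MAX 160       /* room for 64 squarings + 64 multiplies + NUL */

/* Toy limit: operands stay below 2^32 so the product fits in 64 bits.
 * The C '%' operator is not constant-time; only operation order is modelled. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint32_t m) { return a * b % m; }

static void note(char *trace, size_t *n, char op) { if (trace) trace[(*n)++] = op; }

/* Square-and-multiply: a multiply happens only for 1 bits, so the sequence
 * of operations is a direct image of the exponent. */
uint64_t modexp_binary(uint64_t b, uint64_t e, uint32_t m, char *trace)
{
    uint64_t r = 1 % m;
    size_t n = 0;
    b %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m); note(trace, &n, 'S');
        if ((e >> i) & 1) { r = mulmod(r, b, m); note(trace, &n, 'M'); }
    }
    if (trace) trace[n] = '\0';
    return r;
}

/* Read every table entry and keep one by masking, so the addresses touched
 * do not depend on the secret window value. */
static uint64_t select_entry(const uint64_t *tbl, uint64_t idx)
{
    uint64_t out = 0;
    for (uint64_t j = 0; j < TBL; j++) {
        uint64_t eq = ((j ^ idx) - 1) >> 63;    /* 1 when j == idx, else 0 */
        out |= tbl[j] & ((uint64_t)0 - eq);
    }
    return out;
}

/* Fixed window: always WIN squarings then one multiply per window, even when
 * the window value is 0 (the multiply is then by tbl[0] == 1). */
uint64_t modexp_fixed_window(uint64_t b, uint64_t e, uint32_t m, char *trace)
{
    uint64_t tbl[TBL], r = 1 % m;
    size_t n = 0;
    b %= m;
    tbl[0] = 1 % m;
    for (unsigned j = 1; j < TBL; j++) tbl[j] = mulmod(tbl[j - 1], b, m);
    for (int i = 64 - WIN; i >= 0; i -= WIN) {
        for (int k = 0; k < WIN; k++) { r = mulmod(r, r, m); note(trace, &n, 'S'); }
        r = mulmod(r, select_entry(tbl, (e >> i) & (TBL - 1)), m); note(trace, &n, 'M');
    }
    if (trace) trace[n] = '\0';
    return r;
}

typedef uint64_t (*modexp_fn)(uint64_t, uint64_t, uint32_t, char *);

/* 1 if exponents e1 and e2 give the same square/multiply sequence under fn. */
int same_trace(modexp_fn fn, uint64_t e1, uint64_t e2)
{
    char t1[TRACE_MAX], t2[TRACE_MAX];
    fn(3, e1, 1000003u, t1);    /* base and modulus are constructed samples */
    fn(3, e2, 1000003u, t2);
    return strcmp(t1, t2) == 0;
}

int main(void)
{
    printf("binary: same trace for 0x1 and 0xff..ff? %d\n", same_trace(modexp_binary, 1, UINT64_MAX));
    printf("fixed : same trace for 0x1 and 0xff..ff? %d\n", same_trace(modexp_fixed_window, 1, UINT64_MAX));
    return 0;
}
```
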

A flaw was found in the way the der_chop script creates temporary files. It
is possible that a malicious local user could cause der_chop to overwrite
files (CAN-2004-0975).  The der_chop script was deprecated and has been
removed from these updated packages.  Red Hat Enterprise Linux 4 did not
ship der_chop and is therefore not vulnerable to this issue.

Users are advised to update to these erratum packages which contain patches
to correct these issues.

Please note: After installing this update, users are advised to either
restart all services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

136302 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
140061 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
157631 - CAN-2005-0109 timing attack on OpenSSL with HT


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-39.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-25.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-25.8.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-39.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-25.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-25.8.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-39.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-39.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.15.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.22.3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.2.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.3.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnbphXlSAg2UNWIIRAuPkAJ9SH5Hgar+1ylBcpbtLfN4JDd2xQgCgviUd
ku7JNTOYm8ER2V+gCzDFKnM=
=fJhr
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQp5NFSh9+71yA2DNAQJvSQP/Rl6Pgwn2sggJtxQdS3caUubOe/JZ436E
QUaE3JMvVam6JIDjUf1CH8wSOh+/5wDPLDj3OlFlapCQrAwFejdBLz7JJH8G+kUs
3N/v5eQqVw1M/WV/JH+wXuJ7AJmwWsMA8RKwqxGloxoANdHLtQUA8enobq+MtRM2
LB/kaV9hEgA=
=XqUi
-----END PGP SIGNATURE-----