New Search

RHSA-2015:0800 -- openssl security update (Moderate)

oval:org.mitre.oval:def:28514

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2015:0800
  • CESA-2015:0800
  • CVE-2014-8275
  • CVE-2015-0204
  • CVE-2015-0287
  • CVE-2015-0288
  • CVE-2015-0289
  • CVE-2015-0292
  • CVE-2015-0293
Product(s):
  • openssl