RHSA-2018:3221: Moderate: openssl security, bug fix, and enhancement update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.<br>Security Fix(es):<br><li> openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)</li> <li> openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)</li> <li> openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)</li> <li> openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735)</li> <li> openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsagen.c allows attackers to recover private keys (CVE-2018-0737)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2018:3221?
The severity of RHSA-2018:3221 is classified as important.
How do I fix RHSA-2018:3221?
To fix RHSA-2018:3221, you need to upgrade your OpenSSL package to version 1.0.2k-16.el7 or later.
What systems are affected by RHSA-2018:3221?
RHSA-2018:3221 affects systems running OpenSSL prior to version 1.0.2k-16.el7.
What is the main vulnerability addressed in RHSA-2018:3221?
RHSA-2018:3221 addresses a key extraction side channel vulnerability in multiple crypto libraries.
Do I need to restart my system after applying the fix for RHSA-2018:3221?
Yes, it is recommended to restart your system after applying the fix for RHSA-2018:3221 to ensure all services utilize the updated OpenSSL.