An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es) :

* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)

* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)

* openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735)

* openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Detections

Analytics

RHEL 7 : openssl (RHSA-2018:3221)

high Nessus Plugin ID 118534

Version 1.10

Version 1.9

Version 1.8

Version 1.10 Feb 18, 2025, 11:54 PM Plugin metadata (CVSS 3 Change AC:H --> AC:L where needed) Plugin Feed: 202502182354
Version 1.9 Jul 26, 2024, 8:52 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202407260852
Version 1.8 Mar 23, 2023, 8:46 PM Plugin requirements Plugin Feed: 202303232046