OpenSSL is a commercial-grade, full-featured, and open source toolkit
which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library.

Portions of the SSL protocol data stream, which include the lengths of
structures which are being transferred, may not be properly validated.
This may allow a malicious server or client to cause an affected
application to crash or enter an infinite loop, which can be used as a
denial of service (DoS) attack if the application is a server. It has not
been verified if this issue could lead to further consequences such as
remote code execution.

These errata packages contain a patch to correct this vulnerability.
Please note that the original patch from the OpenSSL team had a mistake in
it which could possibly still allow buffer overflows to occur. This bug
is also fixed in these errata packages.

NOTE:
Please read the Solution section below as it contains instructions for
making sure that all SSL-enabled processes are restarted after the update
is applied.

Thanks go to the OpenSSL team for providing patches for these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | openssl-devel | < 0.9.6b-28 | openssl-devel-0.9.6b-28.ia64.rpm |
RedHat | any | i386 | openssl-perl | < 0.9.6b-28 | openssl-perl-0.9.6b-28.i386.rpm |
RedHat | any | ia64 | openssl096 | < 0.9.6-13 | openssl096-0.9.6-13.ia64.rpm |
RedHat | any | i386 | openssl | < 0.9.6b-28 | openssl-0.9.6b-28.i386.rpm |
RedHat | any | ia64 | openssl | < 0.9.6b-28 | openssl-0.9.6b-28.ia64.rpm |
RedHat | any | i386 | openssl096 | < 0.9.6-13 | openssl096-0.9.6-13.i386.rpm |
RedHat | any | ia64 | openssl-perl | < 0.9.6b-28 | openssl-perl-0.9.6b-28.ia64.rpm |
RedHat | any | ia64 | openssl095a | < 0.9.5a-18 | openssl095a-0.9.5a-18.ia64.rpm |
RedHat | any | i386 | openssl-devel | < 0.9.6b-28 | openssl-devel-0.9.6b-28.i386.rpm |
RedHat | any | i686 | openssl | < 0.9.6b-28 | openssl-0.9.6b-28.i686.rpm |
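
The thresholds in the table can be checked against a package inventory, but only with rpm-style comparison: a plain string compare ranks release `9` above `13` and cannot order `0.9.6` against `0.9.6b`. The following is an added example, not part of the advisory or of Red Hat's tooling; `rpmvercmp` here is a simplified reimplementation (no epoch, tilde or caret handling), and `SAMPLE_INVENTORY` is constructed data.

```python
import re

# Fixed version-release per package, taken from the advisory table above.
FIXED = {
    "openssl": "0.9.6b-28",
    "openssl-devel": "0.9.6b-28",
    "openssl-perl": "0.9.6b-28",
    "openssl096": "0.9.6-13",
    "openssl095a": "0.9.5a-18",
}

SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare one version or release string rpm-style. Returns -1, 0 or 1."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 13
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(inventory):
    """Return (name, version-release) pairs that are below the fixed build."""
    return sorted((n, vr) for n, vr in inventory
                  if n in FIXED and evr_cmp(vr, FIXED[n]) < 0)

# Constructed sample, e.g. parsed from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.
SAMPLE_INVENTORY = [
    ("openssl", "0.9.6b-18"),        # older release of the same version
    ("openssl-devel", "0.9.6b-28"),  # exactly the fixed build
    ("openssl096", "0.9.6-9"),       # 9 < 13 numerically, not as strings
    ("openssl-perl", "0.9.6-30"),    # higher release, but version 0.9.6 < 0.9.6b
    ("openssl095a", "0.9.5a-18"),    # fixed
    ("bash", "2.05-8"),              # not covered by this advisory
]

if __name__ == "__main__":
    for name, vr in vulnerable(SAMPLE_INVENTORY):
        print(f"{name}-{vr} is below fixed build {FIXED[name]}")
```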