OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0081 to this issue.
Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851
to this issue.
These updated packages contain patches provided by the OpenSSL group that
protect against these issues.
NOTE: Because server applications are affected by this issue, users are
advised to either restart all services using OpenSSL functionality or
restart their system after installing these updated packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | openssl095a | < 0.9.5a-24 | openssl095a-0.9.5a-24.ia64.rpm |
RedHat | any | i386 | openssl-devel | < 0.9.6b-36 | openssl-devel-0.9.6b-36.i386.rpm |
RedHat | any | i386 | openssl095a | < 0.9.5a-24 | openssl095a-0.9.5a-24.i386.rpm |
RedHat | any | i386 | openssl096 | < 0.9.6-25.7 | openssl096-0.9.6-25.7.i386.rpm |
RedHat | any | ia64 | openssl096 | < 0.9.6-25.7 | openssl096-0.9.6-25.7.ia64.rpm |
RedHat | any | ia64 | openssl | < 0.9.6b-36 | openssl-0.9.6b-36.ia64.rpm |
RedHat | any | i686 | openssl | < 0.9.6b-36 | openssl-0.9.6b-36.i686.rpm |
RedHat | any | ia64 | openssl-perl | < 0.9.6b-36 | openssl-perl-0.9.6b-36.ia64.rpm |
RedHat | any | ia64 | openssl-devel | < 0.9.6b-36 | openssl-devel-0.9.6b-36.ia64.rpm |
RedHat | any | i386 | openssl | < 0.9.6b-36 | openssl-0.9.6b-36.i386.rpm |