Subject: | |
From: | |
Reply To: | |
Date: | Fri, 4 Mar 2011 15:04:39 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: openssl security update
Issue date: 2010-11-16
CVE Names: CVE-2010-3864
A race condition flaw has been found in the OpenSSL TLS server extension
parsing code, which could affect some multithreaded OpenSSL
applications. Under certain specific conditions, it may be possible for
a remote attacker to trigger this race condition and cause such an
application to crash, or possibly execute arbitrary code with the
permissions of the application. (CVE-2010-3864)
Note that this issue does not affect the Apache HTTP Server.
For the update to take effect, all services linked to the OpenSSL
library must be restarted, or the system rebooted.
SL 6.x
SRPMS:
openssl-1.0.0-4.el6_0.1.src.rpm
i386:
openssl-1.0.0-4.el6_0.1.i686.rpm
openssl-devel-1.0.0-4.el6_0.1.i686.rpm
openssl-perl-1.0.0-4.el6_0.1.i686.rpm
openssl-static-1.0.0-4.el6_0.1.i686.rpm
x86_64:
openssl-1.0.0-4.el6_0.1.i686.rpm
openssl-1.0.0-4.el6_0.1.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.1.i686.rpm
openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm
openssl-static-1.0.0-4.el6_0.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|