SCIENTIFIC-LINUX-ERRATA Archives

October 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: openssl on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 26 Oct 2011 14:06:09 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Synopsis:    Moderate: openssl security update
Issue Date:  2011-10-26
CVE Numbers: CVE-2011-3207


OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw could
cause an application using the OpenSSL Certificate Revocation List (CRL)
checking functionality to incorrectly accept a CRL that has a nextUpdate
date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

SL6:
  i386
     openssl-1.0.0-10.el6_1.5.i686.rpm
     openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
     openssl-devel-1.0.0-10.el6_1.5.i686.rpm
     openssl-perl-1.0.0-10.el6_1.5.i686.rpm
     openssl-static-1.0.0-10.el6_1.5.i686.rpm
  x86_64
     openssl-1.0.0-10.el6_1.5.i686.rpm
     openssl-1.0.0-10.el6_1.5.x86_64.rpm
     openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
     openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
     openssl-devel-1.0.0-10.el6_1.5.i686.rpm
     openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm
     openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
     openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2