Synopsis: Important: openssl security update Issue Date: 2012-04-24 CVE Numbers: CVE-2012-2110 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110) All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. SL5: i386 openssl-0.9.8e-22.el5_8.3.i386.rpm openssl-0.9.8e-22.el5_8.3.i686.rpm openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm openssl-devel-0.9.8e-22.el5_8.3.i386.rpm openssl-perl-0.9.8e-22.el5_8.3.i386.rpm openssl097a-0.9.7a-11.el5_8.2.i386.rpm openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm x86_64 openssl-0.9.8e-22.el5_8.3.i686.rpm openssl-0.9.8e-22.el5_8.3.x86_64.rpm openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm openssl-debuginfo-0.9.8e-22.el5_8.3.x86_64.rpm openssl-devel-0.9.8e-22.el5_8.3.i386.rpm openssl-devel-0.9.8e-22.el5_8.3.x86_64.rpm openssl-perl-0.9.8e-22.el5_8.3.x86_64.rpm openssl097a-0.9.7a-11.el5_8.2.i386.rpm openssl097a-0.9.7a-11.el5_8.2.x86_64.rpm openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm openssl097a-debuginfo-0.9.7a-11.el5_8.2.x86_64.rpm SL6: i386 openssl-1.0.0-20.el6_2.4.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm openssl-devel-1.0.0-20.el6_2.4.i686.rpm openssl-perl-1.0.0-20.el6_2.4.i686.rpm openssl-static-1.0.0-20.el6_2.4.i686.rpm openssl098e-0.9.8e-17.el6_2.2.i686.rpm openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm x86_64 openssl-1.0.0-20.el6_2.4.i686.rpm openssl-1.0.0-20.el6_2.4.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm openssl-devel-1.0.0-20.el6_2.4.i686.rpm openssl-devel-1.0.0-20.el6_2.4.x86_64.rpm openssl-perl-1.0.0-20.el6_2.4.x86_64.rpm openssl-static-1.0.0-20.el6_2.4.x86_64.rpm openssl098e-0.9.8e-17.el6_2.2.i686.rpm openssl098e-0.9.8e-17.el6_2.2.x86_64.rpm openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm openssl098e-debuginfo-0.9.8e-17.el6_2.2.x86_64.rpm - Scientific Linux Development Team