RHSA-2009:0004 -- openssl security update (Important)

oval:org.mitre.oval:def:28712

Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general-purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation. (CVE-2008-5077)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • CentOS Linux 5
  • Red Hat Enterprise Linux 4
  • CentOS Linux 2
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2009:0004
  • CESA-2009:0004-CentOS 3
  • CESA-2009:0004-CentOS 5
  • CESA-2009:0004-CentOS 2
  • CVE-2008-5077
Product(s):
  • openssl096
  • openssl
  • openssl097a
  • openssl096b
  • openssl095a