SciLinux: CVE-2009-3245 Important: openssl SL5.x i386/x86_64
Summary
krb5_sname_to_principal() return value check

CVE-2009-3245 openssl: missing bn_wexpand return value checks

It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plaintext to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw:

A missing return value check flaw was discovered in OpenSSL, that could possibly cause OpenSSL to call a Kerberos library function with invalid arguments, resulting in a NULL pointer dereference crash in the MIT Kerberos library. In certain configurations, a remote attacker could use this flaw to crash a TLS/SSL server using OpenSSL by requesting Kerberos cipher suites during the TLS handshake. (CVE-2010-0433)

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

SL 5.x

SRPMS:
openssl-0.9.8e-12.el5_4.6.src.rpm

i386:
openssl-0.9.8e-12.el5_4.6.i386.rpm
openssl-0.9.8e-12.el5_4.6.i686.rpm
openssl-devel-0.9.8e-12.el5_4.6.i386.rpm
openssl-perl-0.9.8e-12.el5_4.6.i386.rpm

x86_64:
openssl-0.9.8e-12.el5_4.6.i686.rpm
openssl-0.9.8e-12.el5_4.6.x86_64.rpm
openssl-devel-0.9.8e-12.el5_4.6.i386.rpm
openssl-devel-0.9.8e-12.el5_4.6.x86_64.rpm
openssl-perl-0.9.8e-12.el5_4.6.x86_64.rpm

-Connie Sieh
-Troy Dawson
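
The restart requirement stated above can be verified after the update with the following check, which is an added example and not part of the original advisory. It assumes Linux procfs, where a library file replaced on disk appears in /proc/<pid>/maps with a trailing "(deleted)"; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update OpenSSL libraries and therefore still need a restart.

# Read /proc/<pid>/maps-format text on stdin; print each distinct libssl or
# libcrypto path that the kernel marks "(deleted)", i.e. replaced on disk.
stale_openssl_maps() {
    awk '
        # Field 6 is the mapped path; "(deleted)" follows it as the last field.
        $NF == "(deleted)" && $6 ~ /\/lib(ssl|crypto)\.so/ { seen[$6] = 1 }
        END { for (p in seen) print p }
    ' | sort
}

# Walk a procfs root (default /proc) and print "PID<TAB>name<TAB>library" for
# every process holding a stale mapping. Run as root to see all processes.
scan_proc() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        # A process may exit mid-scan; skip it rather than abort.
        libs=$(stale_openssl_maps < "$dir/maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        pid=${dir##*/}
        # The Name: line of status is available on old and new kernels alike.
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name='?'
        for lib in $libs; do
            printf '%s\t%s\t%s\n' "$pid" "$name" "$lib"
        done
    done
}

# Constructed sample of maps lines (not captured from a real host).
SAMPLE_MAPS='00110000-00153000 r-xp 00000000 fd:00 131 /lib/libssl.so.0.9.8e (deleted)
00153000-00157000 rw-p 00042000 fd:00 131 /lib/libssl.so.0.9.8e (deleted)
00a00000-00b2a000 r-xp 00000000 fd:00 140 /lib/libcrypto.so.0.9.8e (deleted)
00c00000-00d40000 r-xp 00000000 fd:00 150 /lib/libc-2.5.so
08048000-0809a000 r-xp 00000000 fd:00 900 /usr/sbin/httpd'

# "sh script.sh scan" inspects the live system; with no argument only the
# functions are defined.
if [ "${1:-}" = "scan" ]; then
    scan_proc /proc
fi
```

An empty report after the services have been restarted means no running process is still using the old library.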