Important: openssl security update
Date: Fri, 4 Mar 2011 15:04:39 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Important: openssl on SL6.x i386/x86_64
Synopsis: Important: openssl security update
Issue date: 2010-11-16
CVE Names: CVE-2010-3864

A race condition flaw has been found in the OpenSSL TLS server extension
parsing code, which could affect some multithreaded OpenSSL
applications. Under certain specific conditions, it may be possible for
a remote attacker to trigger this race condition and cause such an
application to crash, or possibly execute arbitrary code with the
permissions of the application. (CVE-2010-3864)

Note that this issue does not affect the Apache HTTP Server.

For the update to take effect, all services linked to the OpenSSL
library must be restarted, or the system rebooted.
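
A check for the restart requirement above, as an added example that is not part of the original advisory: after the packages are updated, it lists processes that still map the replaced libssl/libcrypto and therefore still run the old code. The function names and the optional PROCROOT argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): report processes that still map the
# pre-update libssl/libcrypto after the openssl packages were upgraded.

# stale_openssl_maps FILE
# FILE is in /proc/<pid>/maps format. Prints each distinct libssl/libcrypto
# path that the kernel marks "(deleted)", one per line.
stale_openssl_maps() {
    # Columns: address perms offset dev inode pathname [(deleted)].
    # Replacing a library on disk unlinks the old file; a process that loaded
    # it earlier keeps the old mapping, shown with a "(deleted)" suffix.
    awk '$NF == "(deleted)" && $6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' "$1" |
        sort -u
}

# scan_proc [PROCROOT]
# Prints "pid<TAB>command<TAB>stale libraries" for every process found.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Processes may exit, or belong to another user, mid-scan: ignore errors.
        libs=$(stale_openssl_maps "$maps" 2>/dev/null)
        [ -n "$libs" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$root/$pid/status" 2>/dev/null) || name=
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" \
            "$(printf '%s' "$libs" | tr '\n' ',')"
    done
}

# Run as root to see every process; no output means no running process
# still maps a replaced copy of the library.
scan_proc "${1:-/proc}"
```

Programs built against openssl-static carry their own copy of the code and do not appear in this scan; they need to be rebuilt against the updated package.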

SL 6.x

SRPMS:
openssl-1.0.0-4.el6_0.1.src.rpm

i386:
openssl-1.0.0-4.el6_0.1.i686.rpm
openssl-devel-1.0.0-4.el6_0.1.i686.rpm
openssl-perl-1.0.0-4.el6_0.1.i686.rpm
openssl-static-1.0.0-4.el6_0.1.i686.rpm

x86_64:
openssl-1.0.0-4.el6_0.1.i686.rpm
openssl-1.0.0-4.el6_0.1.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.1.i686.rpm
openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm
openssl-static-1.0.0-4.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson