ELSA-2012-0518 -- Oracle openssl_openssl098eID: oval:org.secpod.oval:def:1503632 | Date: (C)2021-01-08 (M)2023-12-07 |
Class: PATCH | Family: unix |
Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. Description OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Product: |
openssl |
openssl098e |