CentOS Errata and Security Advisory CESA-2005:476-01
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Colin Percival reported a cache timing attack that could allow a malicious local user to gain portions of cryptographic keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-0109 to the issue. The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private-key operations. This patch is designed to mitigate cache timing and potentially related attacks.
A flaw was found in the way the der_chop script creates temporary files. It is possible that a malicious local user could cause der_chop to overwrite files (CAN-2004-0975). The der_chop script was deprecated and has been removed from these updated packages. Red Hat Enterprise Linux 4 did not ship der_chop and is therefore not vulnerable to this issue.
Users are advised to update to these erratum packages which contain patches to correct these issues.
Please note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-June/011779.html
Affected packages: openssl openssl-devel openssl-perl openssl095a openssl096
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html