Lucene search

K
centosCentOS ProjectCESA-2010:0164
HistoryMar 27, 2010 - 5:44 p.m.

openssl097a security update

2010-03-2717:44:36
CentOS Project
lists.centos.org
72

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%

CentOS Errata and Security Advisory CESA-2010:0164

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client’s
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker’s request as if authenticated using the
victim’s credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
this flaw: http://kbase.redhat.com/faq/docs/DOC-20491

All openssl097a users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to take
effect, all services linked to the openssl097a library must be restarted,
or the system rebooted.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-March/078757.html
https://lists.centos.org/pipermail/centos-announce/2010-March/078758.html

Affected packages:
openssl097a

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0164

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%