(RHSA-2002:161) openssl security update

2003-02-06T05:00:00
ID RHSA-2002:161
Type redhat
Reporter RedHat
Modified 2018-03-14T19:27:18

Description

OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general-purpose cryptography library.

Portions of the SSL protocol data stream, including the lengths of structures being transferred, may not be properly validated. This may allow a malicious server or client to cause an affected application to crash or enter an infinite loop, which can be used as a denial of service (DoS) attack if the application is a server. It has not been verified whether this issue could lead to further consequences such as remote code execution.

These errata packages contain a patch to correct this vulnerability. Please note that the original patch from the OpenSSL team had a mistake in it which could possibly still allow buffer overflows to occur. This bug is also fixed in these errata packages.

NOTE:

Please read the Solution section below as it contains instructions for making sure that all SSL-enabled processes are restarted after the update is applied.
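
One way to check that no SSL-enabled process was missed after the update, as an added example that is not part of the advisory or its Solution section: the function below lists processes that still map the old, unlinked copy of libssl or libcrypto. The function name and its `proc_root` argument are assumptions made for illustration, and the check assumes a Linux `/proc` filesystem.

```shell
#!/bin/sh
# Added example (not from the advisory): report processes that still map an
# unlinked copy of libssl/libcrypto and therefore still need a restart.
# The proc_root argument is an assumption made for testing; default is /proc.

stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # When a package update replaces a shared library, the old file is
        # unlinked but stays mapped; Linux marks that mapping "(deleted)".
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            cmd="?"
            if [ -r "$dir/cmdline" ]; then
                # cmdline is NUL-separated; make it printable.
                cmd=$(tr '\000' ' ' < "$dir/cmdline" | sed 's/ *$//')
            fi
            printf '%s\t%s\n' "$pid" "$cmd"
        fi
    done
}

# Constructed /proc/PID/maps line that the pattern matches:
#   40017000-40045000 r-xp 00000000 03:02 4711  /lib/libssl.so.0.9.6b (deleted)
```

Run `stale_openssl_procs` as root so every process's `maps` file is readable; empty output means no running process still maps the replaced libraries. Statically linked applications do not show up in this check and have to be tracked separately.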

Thanks go to the OpenSSL team for providing patches for these issues.