6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.55 Medium
EPSS
Percentile
97.3%
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.
A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues. (CVE-2007-3108).
Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | openssl-devel | < 0.9.7a-33.24 | openssl-devel-0.9.7a-33.24.s390x.rpm |
RedHat | any | s390 | openssl-perl | < 0.9.7a-33.24 | openssl-perl-0.9.7a-33.24.s390.rpm |
RedHat | any | i386 | openssl-devel | < 0.9.7a-33.24 | openssl-devel-0.9.7a-33.24.i386.rpm |
RedHat | any | ppc | openssl | < 0.9.7a-33.24 | openssl-0.9.7a-33.24.ppc.rpm |
RedHat | any | ia64 | openssl-perl | < 0.9.6b-48 | openssl-perl-0.9.6b-48.ia64.rpm |
RedHat | any | i386 | openssl | < 0.9.6b-48 | openssl-0.9.6b-48.i386.rpm |
RedHat | any | ia64 | openssl | < 0.9.6b-48 | openssl-0.9.6b-48.ia64.rpm |
RedHat | any | ia64 | openssl-perl | < 0.9.7a-33.24 | openssl-perl-0.9.7a-33.24.ia64.rpm |
RedHat | any | x86_64 | openssl | < 0.9.7a-33.24 | openssl-0.9.7a-33.24.x86_64.rpm |
RedHat | any | i386 | openssl-perl | < 0.9.6b-48 | openssl-perl-0.9.6b-48.i386.rpm |