5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
84.5%
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An uninitialized variable use flaw was found in OpenSSL. This flaw could
cause an application using the OpenSSL Certificate Revocation List (CRL)
checking functionality to incorrectly accept a CRL that has a nextUpdate
date in the past. (CVE-2011-3207)
All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | s390x | openssl-devel | < 1.0.0-10.el6_1.5 | openssl-devel-1.0.0-10.el6_1.5.s390x.rpm |
RedHat | 6 | ppc64 | openssl-perl | < 1.0.0-10.el6_1.5 | openssl-perl-1.0.0-10.el6_1.5.ppc64.rpm |
RedHat | 6 | i686 | openssl-debuginfo | < 1.0.0-10.el6_1.5 | openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm |
RedHat | 6 | ppc64 | openssl | < 1.0.0-10.el6_1.5 | openssl-1.0.0-10.el6_1.5.ppc64.rpm |
RedHat | 6 | ppc | openssl-debuginfo | < 1.0.0-10.el6_1.5 | openssl-debuginfo-1.0.0-10.el6_1.5.ppc.rpm |
RedHat | 6 | ppc | openssl-devel | < 1.0.0-10.el6_1.5 | openssl-devel-1.0.0-10.el6_1.5.ppc.rpm |
RedHat | 6 | x86_64 | openssl-static | < 1.0.0-10.el6_1.5 | openssl-static-1.0.0-10.el6_1.5.x86_64.rpm |
RedHat | 6 | s390 | openssl-devel | < 1.0.0-10.el6_1.5 | openssl-devel-1.0.0-10.el6_1.5.s390.rpm |
RedHat | 6 | s390x | openssl-static | < 1.0.0-10.el6_1.5 | openssl-static-1.0.0-10.el6_1.5.s390x.rpm |
RedHat | 6 | s390x | openssl-perl | < 1.0.0-10.el6_1.5 | openssl-perl-1.0.0-10.el6_1.5.s390x.rpm |