First published: Wed Oct 26 2011(Updated: )
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)<br>and Transport Layer Security (TLS v1) protocols, as well as a<br>full-strength, general purpose cryptography library.<br>An uninitialized variable use flaw was found in OpenSSL. This flaw could<br>cause an application using the OpenSSL Certificate Revocation List (CRL)<br>checking functionality to incorrectly accept a CRL that has a nextUpdate<br>date in the past. (CVE-2011-3207)<br>All OpenSSL users should upgrade to these updated packages, which contain a<br>backported patch to resolve this issue. For the update to take effect, all<br>services linked to the OpenSSL library must be restarted, or the system<br>rebooted.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openssl | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-debuginfo | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-debuginfo | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-devel | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-devel | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-perl | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-static | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-perl | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
redhat/openssl-static | <1.0.0-10.el6_1.5 | 1.0.0-10.el6_1.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.