CentOS Update For Openssl096b CESA-2010:0173 Centos3 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) All openssl096b users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all programs using the openssl096b library must be restarted.

Affected

openssl096b on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2010-March/016582.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3245

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1134 (seamonkey)
CentOS Security Advisory CESA-2009:0397 (firefox)
CentOS Security Advisory CESA-2009:1163 (seamonkey)
CentOS Security Advisory CESA-2009:1321 (nfs-utils)
CentOS Security Advisory CESA-2009:0003 (xen)

CentOS Update for openssl096b CESA-2010:0173 centos3 i386

Take action and discover your vulnerabilities