CentOS Update For Openssl096b CESA-2010:0173 Centos4 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) All openssl096b users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all programs using the openssl096b library must be restarted.

Affected

openssl096b on CentOS 4

References

http://lists.centos.org/pipermail/centos-announce/2010-March/016611.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3245

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0014 (kernel)
CentOS Security Advisory CESA-2009:1222 (kernel)
CentOS Security Advisory CESA-2009:1134 (seamonkey)
CentOS Security Advisory CESA-2009:0270 (gstreamer-plugins)
CentOS Security Advisory CESA-2009:0315 (firefox)

CentOS Update for openssl096b CESA-2010:0173 centos4 i386

Take action and discover your vulnerabilities