OpenSSL: Important Security Update Fix Arbitrary Code Execution Vulnerability

Users of OpenSSL please be advised of an Important security update fix arbitrary code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

RHSA-2010:0888-01: [RHSA-2010:0888-01] Important: openssl security update
Product: Red Hat Enterprise Linux
Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)

and Transport Layer Security (TLS v1) protocols, as well as a

full-strength, general purpose cryptography library.

A race condition flaw has been found in the OpenSSL TLS server extension

parsing code, which could affect some multithreaded OpenSSL applications.

Under certain specific conditions, it may be possible for a remote attacker

to trigger this race condition and cause such an application to crash, or

possibly execute arbitrary code with the permissions of the application.

(CVE-2010-3864)Read more at http://www.criticalwatch.com

 

Advertisements