OpenSSL: Heap-Based Buffer Overflow Vulnerability

Users of OpenSSL, please be advised that a heap-based buffer overflow vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch.

MDVSA-2010:238: [MDVSA-2010:238] openssl
Problem Description:

A vulnerability was discovered in openssl that causes a race condition within the TLS extension parsing code and which can be exploited to cause a heap-based buffer overflow (CVE-2010-3864).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

The updated packages have been patched to correct this issue.