Oval Definition: oval:com.redhat.rhsa:def:20120518
Revision Date: 2012-04-24
Version: 635
Title: RHSA-2012:0518: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

  • Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)

    All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2012-2110
    RHSA-2012:0518
    RHSA-2012:0518-02
    Platform(s): Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • openssl is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl is signed with Red Hat redhatrelease2 key
  • openssl-devel is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl-devel is signed with Red Hat redhatrelease2 key
  • openssl-perl is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl-perl is signed with Red Hat redhatrelease2 key
  • openssl-static is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl-static is signed with Red Hat redhatrelease2 key
  • openssl098e is earlier than 0:0.9.8e-17.el6_2.2
  • AND openssl098e is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • openssl is earlier than 0:0.9.8e-22.el5_8.3
  • AND openssl is signed with Red Hat redhatrelease2 key
  • openssl-devel is earlier than 0:0.9.8e-22.el5_8.3
  • AND openssl-devel is signed with Red Hat redhatrelease2 key
  • openssl-perl is earlier than 0:0.9.8e-22.el5_8.3
  • AND openssl-perl is signed with Red Hat redhatrelease2 key
  • openssl097a is earlier than 0:0.9.7a-11.el5_8.2
  • AND openssl097a is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • openssl-devel is earlier than 0:0.9.8e-22.el5_8.3
  • AND openssl-devel is signed with Red Hat redhatrelease key
  • openssl-perl is earlier than 0:0.9.8e-22.el5_8.3
  • AND openssl-perl is signed with Red Hat redhatrelease key
  • openssl is earlier than 0:0.9.8e-22.el5_8.3
  • AND openssl is signed with Red Hat redhatrelease key
  • openssl097a is earlier than 0:0.9.7a-11.el5_8.2
  • AND openssl097a is signed with Red Hat redhatrelease key
  • OR Package Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • openssl-devel is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl-devel is signed with Red Hat redhatrelease2 key
  • openssl-static is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl-static is signed with Red Hat redhatrelease2 key
  • openssl-perl is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl-perl is signed with Red Hat redhatrelease2 key
  • openssl is earlier than 0:1.0.0-20.el6_2.4
  • AND openssl is signed with Red Hat redhatrelease2 key
  • openssl098e is earlier than 0:0.9.8e-17.el6_2.2
  • AND openssl098e is signed with Red Hat redhatrelease2 key