Description: | Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation. (CVE-2008-5077) |