Rapid7 Vulnerability & Exploit Database

RHSA-2011:1409: openssl security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 09/22/2011
Created: 07/25/2018
Added: 10/27/2011
Modified: 07/04/2017

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Solution(s)

  • redhat-upgrade-openssl
  • redhat-upgrade-openssl-debuginfo
  • redhat-upgrade-openssl-devel
  • redhat-upgrade-openssl-perl
  • redhat-upgrade-openssl-static
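
The description states that services linked to the OpenSSL library must be restarted for the update to take effect. The shell script below is an added example, not part of the advisory or of Rapid7's content: it lists processes that still map a libssl or libcrypto file that was replaced on disk. It assumes a Linux /proc in which the maps entry for a replaced library ends in "(deleted)"; the function names are illustrative.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update OpenSSL code.
# Assumption: after the package upgrade the old library file is unlinked, so
# /proc/<pid>/maps shows its path followed by "(deleted)".

# stale_openssl_in_maps FILE
# Print the unique libssl/libcrypto paths in a maps-format FILE whose
# backing file has been deleted. Prints nothing if FILE cannot be read.
stale_openssl_in_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ {
             print $(NF-1)
         }' "$1" 2>/dev/null | sort -u
}

# scan_proc [PROC_ROOT]
# For every numeric directory under PROC_ROOT (default /proc), print
#   PID <TAB> COMMAND <TAB> comma-separated stale library paths
# for each process that needs a restart. Run as root to see all processes.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_openssl_in_maps "$maps")
        [ -n "$libs" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        # comm is absent on older kernels; fall back to "?"
        name=$(cat "$root/$pid/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "$pid" "$name" \
            "$(printf '%s\n' "$libs" | paste -sd, -)"
    done
}

# Empty output means no running process still maps the old library.
scan_proc /proc
```

Any process listed is still executing the unpatched library code and should be restarted (or the system rebooted, as the advisory says).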
