Bugzilla: 104893: CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes
The MITRE CVE dictionary describes this issue as:
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
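The class of check this description refers to, as an added example (it is not OpenSSL code and not the upstream patch): a BER/DER header parser that tracks how many input bytes remain before consuming long-form length octets and before accepting the declared content length. The names `tlv_header` and `TLV_*` are hypothetical, and the byte strings in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_UNSUPPORTED = -2 };

/* Parse one single-byte-tag TLV header from buf[0..avail).
 * On success *hdr is the header size and *len the content length,
 * and hdr + len is guaranteed to fit inside avail. */
int tlv_header(const uint8_t *buf, size_t avail, size_t *hdr, size_t *len)
{
    size_t pos = 0, n, value = 0;

    if (avail < 2)                       /* need tag + first length octet */
        return TLV_TRUNCATED;
    if ((buf[pos++] & 0x1f) == 0x1f)     /* high-tag-number form not handled */
        return TLV_UNSUPPORTED;

    uint8_t first = buf[pos++];
    if (!(first & 0x80)) {
        value = first;                   /* short form: 0..127 */
    } else {
        n = first & 0x7f;                /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t))
            return TLV_UNSUPPORTED;      /* indefinite form or too wide */
        if (n > avail - pos)
            return TLV_TRUNCATED;        /* length octets run past the input */
        while (n--)
            value = (value << 8) | buf[pos++];
    }
    if (value > avail - pos)
        return TLV_TRUNCATED;            /* declared content exceeds input */
    *hdr = pos;
    *len = value;
    return TLV_OK;
}

int main(void)
{
    /* Constructed inputs: a well-formed long-form header, then one that
     * declares 256 content bytes while none follow. */
    const uint8_t ok[]  = { 0x30, 0x81, 0x03, 0x01, 0x02, 0x03 };
    const uint8_t bad[] = { 0x30, 0x82, 0x01, 0x00 };
    size_t hdr = 0, len = 0;

    printf("ok:  %d\n", tlv_header(ok, sizeof ok, &hdr, &len));
    printf("bad: %d\n", tlv_header(bad, sizeof bad, &hdr, &len));
    return 0;
}
```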
For the Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a), the issue was addressed via RHSA-2003:293.
The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) have contained a backported patch since their initial release.
The OpenSSL packages in Red Hat Enterprise Linux 5 are either based on a fixed upstream release (openssl) or have contained a backported patch since their initial release (openssl097a).
Red Hat security errata
| Platform | Errata | Release date |
|---|---|---|
| Red Hat Linux 7.1 | RHSA-2003:291 | September 30, 2003 |
| Red Hat Linux 7.2 | RHSA-2003:291 | September 30, 2003 |
| Red Hat Linux 7.3 | RHSA-2003:291 | September 30, 2003 |
| Red Hat Linux 8.0 | RHSA-2003:291 | September 30, 2003 |
| Red Hat Linux 9 | RHSA-2003:292 | September 30, 2003 |
| Red Hat Linux Advanced Workstation 2.1 | RHSA-2003:293 | September 30, 2003 |
| Red Hat Stronghold 4 | RHSA-2003:290 | September 30, 2003 |
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.