Red Hat Customer Portal

Skip to main content

CVE-2006-2937

Impact:
Low
Public Date:
2006-09-28
Bugzilla:
430655: CVE-2006-2937 openssl ASN.1 DoS

The MITRE CVE dictionary describes this issue as:

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

Find out more about CVE-2006-2937 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 RHSA-2006:0695 2006-09-28
Red Hat Satellite 5.1 (RHEL v.4 AS) (rhn-solaris-bootstrap) RHSA-2008:0629 2008-08-13
Red Hat Enterprise Linux 4 RHSA-2006:0695 2006-09-28
Red Hat Satellite 5.0 (RHEL v.4 AS) (rhn-solaris-bootstrap) RHSA-2008:0264 2008-05-20
Red Hat Satellite v 4.2 (RHEL v.3 AS) RHSA-2008:0525 2008-06-30
Red Hat Satellite v 4.2 (RHEL v.4 AS) RHSA-2008:0525 2008-06-30
Red Hat Enterprise Linux 3 RHSA-2006:0695 2006-09-28

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 3 openssl 0.9.7a-33.21 Fixed
Red Hat Enterprise Linux version 4 openssl 0.9.7a-43.14 Fixed
Red Hat Enterprise Linux version 2.1 openssl 0.9.6b-46 Fixed
Red Hat Enterprise Linux version 3 openssl096b 0.9.6b-16.46 Fixed
Red Hat Linux Advanced Workstation 2.1 openssl095a 0.9.5a-32 Fixed
Red Hat Enterprise Linux version 4 openssl096b 0.9.6b-22.46 Fixed
Red Hat Linux Advanced Workstation 2.1 openssl096 0.9.6-32 Fixed

Last Modified