Red Hat Customer Portal

Skip to main content

CVE-2006-3738

Impact:
Important
Public Date:
2006-09-28
Bugzilla:
430652: CVE-2006-3738 openssl get_shared_ciphers overflow

The MITRE CVE dictionary describes this issue as:

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Find out more about CVE-2006-3738 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 RHSA-2006:0695 2006-09-28
Red Hat Satellite 5.1 (RHEL v.4 AS) (rhn-solaris-bootstrap) RHSA-2008:0629 2008-08-13
Red Hat Enterprise Linux 4 RHSA-2006:0695 2006-09-28
Red Hat Satellite 5.0 (RHEL v.4 AS) (rhn-solaris-bootstrap) RHSA-2008:0264 2008-05-20
Red Hat Satellite v 4.2 (RHEL v.3 AS) RHSA-2008:0525 2008-06-30
Red Hat Satellite v 4.2 (RHEL v.4 AS) RHSA-2008:0525 2008-06-30
Red Hat Enterprise Linux 3 RHSA-2006:0695 2006-09-28

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 3 openssl 0.9.7a-33.21 Fixed
Red Hat Enterprise Linux version 4 openssl 0.9.7a-43.14 Fixed
Red Hat Enterprise Linux version 2.1 openssl 0.9.6b-46 Fixed
Red Hat Enterprise Linux version 3 openssl096b 0.9.6b-16.46 Fixed
Red Hat Linux Advanced Workstation 2.1 openssl095a 0.9.5a-32 Fixed
Red Hat Enterprise Linux version 4 openssl096b 0.9.6b-22.46 Fixed
Red Hat Linux Advanced Workstation 2.1 openssl096 0.9.6-32 Fixed

Last Modified