Red Hat Inc. Information for VU#102795

OpenSSL servers contain a buffer overflow during the SSL2 handshake process

Status

Affected

Vendor Statement

Red Hat distributes affected versions of OpenSSL in all Red Hat Linux distributions as well as the Stronghold web server. Red Hat Linux errata packages that fix the above vulnerabilities (CAN-2002-0655 and CAN-2002-0656) are available from the URL below. Users of the Red Hat Network are able to update their systems using the 'up2date' tool. A future update will fix the potential remote DOS in the ASN.1 encoding (CAN-2002-0659).

    http://rhn.redhat.com/errata/RHSA-2002-155.html

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References

    None

    Addendum

    The CERT/CC has no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.