Scientific Linux Security Update : openssl096b on SL3.x, SL4.x i386/x86_64
Critical Nessus Plugin ID 60756
Synopsis
The remote Scientific Linux host is missing a security update.
Description
CVE-2009-3245 openssl: missing bn_wexpand return value checks
It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code.
For the update to take effect, all programs using the openssl096b library must be restarted.
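One way to find the processes that still need that restart, added here as an example and not part of the advisory: on Linux, a process that loaded the library before the update keeps mapping the old, now unlinked file, and /proc/<pid>/maps marks such mappings with "(deleted)". The function name stale_pids and the file-name pattern .so.0.9.6b are assumptions; confirm the real library file names with rpm -ql openssl096b.

```shell
#!/usr/bin/env bash
# Added example: list PIDs that still map a deleted (replaced) copy of a
# shared library, i.e. processes not yet restarted after a package update.
#
# Usage: stale_pids PATTERN [PROC_ROOT]
#   PATTERN    fixed string matched against mapped file names
#              (assumption for this advisory: ".so.0.9.6b")
#   PROC_ROOT  defaults to /proc; overridable so the logic can be tested
#
# Run as root, otherwise maps files of other users' processes are unreadable
# and those processes are silently skipped.
stale_pids() {
    local pattern=$1 root=${2:-/proc} maps pid
    for maps in "$root"/[0-9]*/maps; do
        # Skip unreadable entries and the unexpanded glob when nothing matches.
        [ -r "$maps" ] || continue
        # Keep only lines naming the library, then require the kernel's
        # " (deleted)" suffix, which means the on-disk file was replaced.
        if grep -F -- "$pattern" "$maps" 2>/dev/null | grep -q ' (deleted)$'; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# When called with arguments, act as a small command-line tool, e.g.:
#   ./stale_pids.sh .so.0.9.6b
if [ "$#" -gt 0 ]; then
    stale_pids "$@"
fi
```

An empty result means no readable process still maps a replaced copy of the library.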
Solution
Update the affected openssl096b package.