Scientific Linux Security Update : openssl on SL6.x i386/x86_64
Medium Nessus Plugin ID 87402
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication.
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Solution
Update the affected packages.