sledp3-openssl

Security update for OpenSSL

Security update for OpenSSL

The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) security openssl x86_64 7fe97c77a32be6e9c5bf461d9e4f0e3df27c0b84 openssl-32bit x86_64 d9b450b362fba1e556489b1ddb52447277395ab5 openssl-devel x86_64 627c48535286cf18a66dcba5da7b029d0200c571 openssl-devel-32bit x86_64 2684103a3a37e6ee7b909609f4cc207e1a2d1f91