Advisories:rPSA-2006-0163

From rPath Wiki

rPath Security Advisory 2006-0163-1

Published: 2006-09-05

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Remote Deterministic Unauthorized Access

Updated Versions

• openssl=conary.rpath.com@rpl:1/0.9.7f-10.3-1
• openssl-scripts=conary.rpath.com@rpl:1/0.9.7f-10.3-1

rPath Issue Tracking System

• RPL-616

References

• CVE-2006-4339
• http://www.openssl.org/news/secadv_20060905.txt
• http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Description

Previous versions of the openssl package are vulnerable to a remote

unauthorized access attack when RSA keys with exponent 3 are used for

authentication. While this version of the openssl package resolves

that vulnerability, it is generally recommended not to use RSA keys

with exponent 3 for authentication because multiple implementations

contain this vulnerability. RSA keys with exponent 3 are not in

common use.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html