Description of problem: The OpenSSL RAND code uses select() to poll /dev/random and doesn't check that fd numbers returned by open() are < FD_SETSIZE before passing them to FD_SET. This causes undefined behaviour, i.e. segfaults, if fd numbers are pushed above 1024 when e.g. using thousands of log files in a large-scale vhost config with Apache. The code should at minimum have < FD_SETSIZE checks and ideally would use poll() instead to remove the problem entirely. (There are many such bugs in random Apache modules and libraries they use; filing bugs on each of them as I find them.)
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
Replaced select by poll.