OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

During an audit of FC3 security issues, the Red Hat security team discovered that the fix for CAN-2004-0081 is missing from the openssl096b package. This does not present a large risk, given how this compatibility package is used.

Fixed in openssl096b-0.9.6b-20 and -21 for FC2/FC3.