Red Hat Bugzilla – Bug 37730
OpenSSL-0.9.6a has security fixes
Last modified: 2008-05-01 11:38:00 EDT
- Security fix: change behavior of OpenSSL to avoid using environment
variables when running as root.
- Security fix: check the result of RSA-CRT to reduce the possibility
of deducing the private key from an incorrectly calculated signature.
- Security fix: prevent Bleichenbacher's DSA attack.
- Security fix: Zero the premaster secret after deriving the master
secret in DH ciphersuites.
Complete announcement available at:
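
An added example, not part of the original bug report and not OpenSSL's own code: one way to implement the RSA-CRT result check named in the second item above, verifying the computed signature with the public exponent before releasing it. The toy key, the `fault` test hook and all function names are assumptions for illustration; `m` stands for an already padded message representative.

```python
# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)      # CRT exponents
QINV = pow(Q, -1, P)                   # q^-1 mod p

M = 0x1234567890ABCDEF                 # constructed message representative, M < N


class SignatureFault(Exception):
    """Raised when no verifiable signature could be produced."""


def crt_sign_unchecked(m, fault=0):
    """RSA-CRT private-key operation with no check on the result.

    `fault` is a hypothetical test hook: it is XORed into the mod-P half
    to simulate a miscalculation (hardware glitch, bignum bug).
    """
    s1 = pow(m, DP, P) ^ fault         # half-signature mod P
    s2 = pow(m, DQ, Q)                 # half-signature mod Q
    h = (QINV * (s1 - s2)) % P         # Garner recombination
    return s2 + h * Q


def crt_sign_checked(m, fault=0):
    """RSA-CRT signing that never returns an unverified result."""
    s = crt_sign_unchecked(m, fault)
    if pow(s, E, N) == m % N:          # public-key check of the CRT output
        return s
    # CRT output is wrong: discard it and recompute without CRT (slower).
    s = pow(m, D, N)
    if pow(s, E, N) != m % N:
        raise SignatureFault("private-key operation failed verification")
    return s


if __name__ == "__main__":
    bad = crt_sign_unchecked(M, fault=1)
    print("unchecked output verifies:", pow(bad, E, N) == M)
    print("checked output verifies:  ", pow(crt_sign_checked(M, fault=1), E, N) == M)
```

The check costs one public-key exponentiation per signature, which is cheap when the public exponent is small.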