From the upstream advisory :
Invalid Return value check in pkey_rsa_verifyrecover
When verification recovery fails for RSA keys an uninitialised buffer with an
undefined length is returned instead of an error code (CVE-2010-1633).
This bug is only present in OpenSSL 1.0.0 and only affects applications that
call the function EVP_PKEY_verify_recover(). As this function is not present
in previous versions of OpenSSL and not used by OpenSSL internal code very few
applications should be affected. The OpenSSL utility application "pkeyutl" does
use this function.
Affected users should update to 1.0.0a which contains a patch to correct this
Thanks to Peter-Michael Hager for reporting this issue.
Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Created openssl tracking bugs for this issue
Affects: fedora-12 [bug 598736]
Affects: fedora-13 [bug 598737]
Upstream commit that corrects this issue:
(In reply to comment #4)
> Upstream commit that corrects this issue:
Relevant part is crypto/rsa/rsa_pmeth.c change:
openssl-1.0.0a-1.fc13 has been submitted as an update for Fedora 13.
openssl-1.0.0a-1.fc12 has been submitted as an update for Fedora 12.
openssl-1.0.0a-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
openssl-1.0.0a-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.